Windows Analysis Report
17.12.2024 ________.exe

Overview

General Information

Sample name: 17.12.2024 ________.exe
Analysis ID: 1576688
MD5: 344967abba36524514c992f808adb6c8
SHA1: 1d9689bf64b4de90e2dfb4d8df18cfba15420b96
SHA256: b70e02c6c4248dd1af3c6ed70b9e016592ab30f6020e109767cbdf81b8c70b02
Tags: exe, RedLineStealer, user-abuse_ch

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 17.12.2024 ________.exe (PID: 1908 cmdline: "C:\Users\user\Desktop\17.12.2024 ________.exe" MD5: 344967ABBA36524514C992F808ADB6C8)
    • 17.12.2024 ________.exe (PID: 5708 cmdline: "C:\Users\user\Desktop\17.12.2024 ________.exe" MD5: 344967ABBA36524514C992F808ADB6C8)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["87.120.120.86:1912"], "Bot Id": "LOGS", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000003.00000002.2265030461.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
3.2.17.12.2024 ________.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.17.12.2024 ________.exe.4e0f1d8.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.17.12.2024 ________.exe.4e0f1d8.2.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\17.12.2024 ________.exe", CommandLine: "C:\Users\user\Desktop\17.12.2024 ________.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\17.12.2024 ________.exe, NewProcessName: C:\Users\user\Desktop\17.12.2024 ________.exe, OriginalFileName: C:\Users\user\Desktop\17.12.2024 ________.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\Desktop\17.12.2024 ________.exe", ProcessId: 1908, ProcessName: 17.12.2024 ________.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-17T12:02:04.727151+0100 | 2043234 | 1 | A Network Trojan was detected | 87.120.120.86 | 1912 | 192.168.2.6 | 49710 | TCP
2024-12-17T12:02:04.329415+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP
2024-12-17T12:02:09.902370+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP
2024-12-17T12:02:12.993662+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP
2024-12-17T12:02:13.460956+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP
2024-12-17T12:02:11.435802+0100 | 2046056 | 1 | A Network Trojan was detected | 87.120.120.86 | 1912 | 192.168.2.6 | 49710 | TCP
2024-12-17T12:02:04.329415+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP


AV Detection

Source: 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": ["87.120.120.86:1912"], "Bot Id": "LOGS", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: 17.12.2024 ________.exe | ReversingLabs: Detection: 39%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 17.12.2024 ________.exe | Joe Sandbox ML: detected
Source: 17.12.2024 ________.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 17.12.2024 ________.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mcAp.pdb source: 17.12.2024 ________.exe
Source: Binary string: mcAp.pdbSHA256 source: 17.12.2024 ________.exe
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B058C5h | 3_2_06B05600
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B08988h | 3_2_06B08490
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B03672h | 3_2_06B03250
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B03AF2h | 3_2_06B03250
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B060C7h | 3_2_06B05968
Source: C:\Users\user\Desktop\17.12.2024 ________.exe | Code function: 4x nop then jmp 06B04B65h | 3_2_06B04B44

Networking

Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.6:49710 -> 87.120.120.86:1912
Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.6:49710 -> 87.120.120.86:1912
Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 87.120.120.86:1912 -> 192.168.2.6:49710
Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 87.120.120.86:1912 -> 192.168.2.6:49710
Source: Malware configuration extractor | URLs: 87.120.120.86:1912
Source: global traffic | TCP traffic: 192.168.2.6:49710 -> 87.120.120.86:1912
Source: Joe Sandbox View | ASN Name: UNACS-AS-BG8000BurgasBG UNACS-AS-BG8000BurgasBG
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.120.86
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2146095412.0000000003231000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2265030461.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://api.ip.sb/ip
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2156639547.0000000007C60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2157797331.0000000009720000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000002.2145109529.000000000159E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000000.00000000.2130719647.0000000000EB2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemcAp.exe: vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\000004B0\\OriginalFilename vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\080904B0\\OriginalFilename vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2265030461.0000000000446000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exeBinary or memory string: OriginalFilenamemcAp.exe: vs 17.12.2024 ________.exe
                          Source: 17.12.2024 ________.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 17.12.2024 ________.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.AddAccessRule
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.AddAccessRule
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, DZmEcydRtCgJ32InVC.csSecurity API names: _0020.AddAccessRule
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, Ym7MBMA3HUDom5ERtp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@0/1
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\17.12.2024 ________.exe.log
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeMutant created: NULL
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                          Source: 17.12.2024 ________.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 17.12.2024 ________.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: 17.12.2024 ________.exeReversingLabs: Detection: 39%
                          Source: unknownProcess created: C:\Users\user\Desktop\17.12.2024 ________.exe "C:\Users\user\Desktop\17.12.2024 ________.exe"
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeProcess created: C:\Users\user\Desktop\17.12.2024 ________.exe "C:\Users\user\Desktop\17.12.2024 ________.exe"
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeProcess created: C:\Users\user\Desktop\17.12.2024 ________.exe "C:\Users\user\Desktop\17.12.2024 ________.exe"
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: mscoree.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: version.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: wldp.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: profapi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: dwrite.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: amsi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: userenv.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: textshaping.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: mscoree.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: version.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: wldp.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: profapi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: dwrite.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: msvcp140_clr0400.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: secur32.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: wbemcomn.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: amsi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: userenv.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: rstrtmgr.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                          Source: 17.12.2024 ________.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: 17.12.2024 ________.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: 17.12.2024 ________.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: Binary string: mcAp.pdb source: 17.12.2024 ________.exe
                          Source: Binary string: mcAp.pdbSHA256 source: 17.12.2024 ________.exe

                          Data Obfuscation

                          Source: 17.12.2024 ________.exe, Form11.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                          Source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, DZmEcydRtCgJ32InVC.cs.Net Code: SJPt2PPNvS System.Reflection.Assembly.Load(byte[])
                          Source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, DZmEcydRtCgJ32InVC.cs.Net Code: SJPt2PPNvS System.Reflection.Assembly.Load(byte[])
                          Source: 0.2.17.12.2024 ________.exe.9720000.4.raw.unpack, DZmEcydRtCgJ32InVC.cs.Net Code: SJPt2PPNvS System.Reflection.Assembly.Load(byte[])
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_06664F7A pushad ; iretd 0_2_06664F81
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_0666BA98 push esp; iretd 0_2_0666BAA5
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_06664848 push eax; retf 0_2_06664849
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_066648E0 pushad ; retf 0_2_066648E1
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC877D push ebp; retf 0_2_07CC877E
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC8631 push ebx; retf 0_2_07CC8633
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CCD5EB push esi; ret 0_2_07CCD5ED
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CCDDE0 push eax; retf 0_2_07CCDDE1
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC84FC push ebp; retf 0_2_07CC84FD
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC9490 push esp; retf 0_2_07CC949E
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC83B6 push edx; retf 0_2_07CC83B7
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC837B push edi; retf 0_2_07CC837C
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CCA208 push ebx; retf 0_2_07CCA216
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CCB239 push edi; retf 0_2_07CCB246
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC71B0 push esp; retf 0_2_07CC71BE
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC8177 push ebx; retf 0_2_07CC8179
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07CC8828 push esp; retf 0_2_07CC8829
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAB685 pushfd ; retf 0_2_07EAB687
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAE318 push cs; retf 0_2_07EAE326
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC260 pushfd ; retf 0_2_07EAC26E
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC210 pushfd ; retf 0_2_07EAC21E
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC1D0 pushfd ; retf 0_2_07EAC1DE
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EA715B pushfd ; retf 0_2_07EA715D
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC150 pushfd ; retf 0_2_07EAC15E
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC0B4 pushfd ; retf 0_2_07EAC0B5
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EA708D push FEE8BA4Dh; retf 0_2_07EA70A8
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EA7055 pushfd ; retf 0_2_07EA7069
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC020 pushfd ; retf 0_2_07EAC021
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC032 pushfd ; retf 0_2_07EAC033
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EAC00E pushfd ; retf 0_2_07EAC00F
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 0_2_07EABF77 pushfd ; retf 0_2_07EABF79
                          Source: 17.12.2024 ________.exeStatic PE information: section name: .text entropy: 7.663205691573035
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara match File source: Process Memory Space: 17.12.2024 ________.exe PID: 1908, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 3070000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 3230000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 5230000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 9C20000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: AC20000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: AE50000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: BE50000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: C500000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: D500000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: E500000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 28C0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 2A20000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Memory allocated: 4A20000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 240000
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239849
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239718
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239590
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239483
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239374
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239265
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239156
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 239046
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Window / User API: threadDelayed 1285
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Window / User API: threadDelayed 607
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe Window / User API: threadDelayed 3529
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -6456360425798339s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -240000s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239849s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239718s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239590s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239483s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239374s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239265s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239156s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5096 Thread sleep time: -239046s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 2792 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 2820 Thread sleep time: -12912720851596678s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe TID: 5268 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2265790031.0000000000D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002E97000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552LR
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002CE4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: 17.12.2024 ________.exe, 00000003.00000002.2270621978.0000000003C4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeCode function: 3_2_06B06CC0 LdrInitializeThunk,3_2_06B06CC0
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeMemory written: C:\Users\user\Desktop\17.12.2024 ________.exe base: 400000 value starts with: 4D5AJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeProcess created: C:\Users\user\Desktop\17.12.2024 ________.exe "C:\Users\user\Desktop\17.12.2024 ________.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Users\user\Desktop\17.12.2024 ________.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Users\user\Desktop\17.12.2024 ________.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 3.2.17.12.2024 ________.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4e0f1d8.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4e0f1d8.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2265030461.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 17.12.2024 ________.exe PID: 1908, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 17.12.2024 ________.exe PID: 5708, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                          Source: C:\Users\user\Desktop\17.12.2024 ________.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                          Source: Yara matchFile source: 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 17.12.2024 ________.exe PID: 5708, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 3.2.17.12.2024 ________.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4e0f1d8.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4d7ffb8.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4e0f1d8.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.17.12.2024 ________.exe.4cf0d98.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2265030461.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 17.12.2024 ________.exe PID: 1908, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 17.12.2024 ________.exe PID: 5708, type: MEMORYSTR
                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                          Windows Management Instrumentation
                          1
                          DLL Side-Loading
                          111
                          Process Injection
                          1
                          Masquerading
                          1
                          OS Credential Dumping
                          221
                          Security Software Discovery
                          Remote Services1
                          Archive Collected Data
                          1
                          Encrypted Channel
                          Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                          DLL Side-Loading
                          1
                          Disable or Modify Tools
                          LSASS Memory1
                          Process Discovery
                          Remote Desktop Protocol2
                          Data from Local System
                          1
                          Non-Standard Port
                          Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                          Virtualization/Sandbox Evasion
                          Security Account Manager241
                          Virtualization/Sandbox Evasion
                          SMB/Windows Admin SharesData from Network Shared Drive1
                          Application Layer Protocol
                          Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                          Process Injection
                          NTDS1
                          Application Window Discovery
                          Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                          Obfuscated Files or Information
                          LSA Secrets113
                          System Information Discovery
                          SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                          Software Packing
                          Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          DLL Side-Loading
                          DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Source | Detection | Scanner | Label | Link
                          17.12.2024 ________.exe | 39% | ReversingLabs | Win32.Trojan.Strictor |
                          17.12.2024 ________.exe | 100% | Joe Sandbox ML | |
                          No Antivirus matches
                          No contacted domains info
                          NameSourceMaliciousAntivirus DetectionReputation
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            http://schemas.xmlsoap.org/ws/2005/02/sc/sct17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://tempuri.org/Entity/Id23Response17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, 17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://tempuri.org/D17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/06/addressingex17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/fault17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002A21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew17.12.2024 ________.exe, 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
IP:87.120.120.86
Domain:unknown
Country:Bulgaria
ASN:25206
ASN Name:UNACS-AS-BG8000BurgasBG
Malicious:true
                                                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                  Analysis ID:1576688
                                                                                                                                                                                                                                  Start date and time:2024-12-17 12:01:07 +01:00
                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                  Overall analysis duration:0h 5m 33s
                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                  Number of analysed new started processes analysed:8
                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                  Sample name:17.12.2024 ________.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@3/1@0/1
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  • Number of executed functions: 210
                                                                                                                                                                                                                                  • Number of non-executed functions: 30
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 2.16.229.162, 13.107.246.63, 20.109.210.53
                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                  • VT rate limit hit for: 17.12.2024 ________.exe
Time:06:01:59
Type:API Interceptor
Description:32x Sleep call for process: 17.12.2024 ________.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
87.120.120.86 | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | malicious | RedLine
87.120.120.86 | po4877383.exe | malicious | RedLine
                                                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
UNACS-AS-BG8000BurgasBG | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | malicious | RedLine | 87.120.120.86
UNACS-AS-BG8000BurgasBG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 87.120.127.228
UNACS-AS-BG8000BurgasBG | file.exe | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig | 87.120.127.228
UNACS-AS-BG8000BurgasBG | 9coH9ASP3h.exe | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | Estado.de.cuenta.xls | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | https://0388net.cc | malicious | Unknown | 87.120.125.144
UNACS-AS-BG8000BurgasBG | https://0388net.cc | malicious | Unknown | 87.120.125.144
UNACS-AS-BG8000BurgasBG | tqkdMdv2zO.doc | malicious | XenoRAT | 87.120.121.160
UNACS-AS-BG8000BurgasBG | file.exe | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | uRxH0oSpKL.exe | malicious | AveMaria, PrivateLoader, UACMe | 87.120.121.160
                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\17.12.2024 ________.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1415
                                                                                                                                                                                                                                      Entropy (8bit):5.352427679901606
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                                                                                                                                                                                      MD5:97AD91F1C1F572C945DA12233082171D
                                                                                                                                                                                                                                      SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                                                                                                                                                                                      SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                                                                                                                                                                                      SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):7.651861945682247
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name:17.12.2024 ________.exe
File size:930'816 bytes
MD5:344967abba36524514c992f808adb6c8
SHA1:1d9689bf64b4de90e2dfb4d8df18cfba15420b96
SHA256:b70e02c6c4248dd1af3c6ed70b9e016592ab30f6020e109767cbdf81b8c70b02
SHA512:7abf46fa865417af1e92006101cfbfe1c29ed4c030750db412bf3ef0d924670efdbd5615bed37e0976410b104a9668dfd780e6d0f9fe21f7a233324c213ffe70
SSDEEP:12288:gOMPku+l0CPPOwq0b9XvY3GiNIyqp8Kfy1XYUWoYsaj5Ki2ld53wLgsR0ufYs0yT:WPd+pOpIVANFq+KfydxYsc9o53wcuz
TLSH:4A15CFC0372AB701CD7CAA70893AEDB853652E34B040F9E6ADDD27D7759C7126A18F06
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."ag..............0..............6... ...@....@.. ....................................@................................
Icon Hash:32642092d4f29244
Entrypoint:0x4e361e
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x676122DB [Tue Dec 17 07:06:03 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe35cb | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe4000 | 0x1750 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe6000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe133c | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xe1624 | 0xe1800 | 3c4defcf02e2446fb278a10a168b85c9 | False | 0.8045792336474501 | data | 7.663205691573035 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xe4000 | 0x1750 | 0x1800 | c44965eb60cdd75c194bcad2bd349eb3 | False | 0.3899739583333333 | data | 5.074360939385814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xe6000 | 0xc | 0x200 | a6b3d18a2542fabb45b61a3966839434 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xe4130 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.3726547842401501 |
| RT_GROUP_ICON | 0xe51d8 | 0x14 | data | | | 1.1 |
| RT_VERSION | 0xe51ec | 0x378 | data | | | 0.43243243243243246 |
| RT_MANIFEST | 0xe5564 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T12:02:04.329415+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP |
| 2024-12-17T12:02:04.329415+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP |
| 2024-12-17T12:02:04.727151+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 87.120.120.86 | 1912 | 192.168.2.6 | 49710 | TCP |
| 2024-12-17T12:02:09.902370+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP |
| 2024-12-17T12:02:11.435802+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 87.120.120.86 | 1912 | 192.168.2.6 | 49710 | TCP |
| 2024-12-17T12:02:12.993662+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP |
| 2024-12-17T12:02:13.460956+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49710 | 87.120.120.86 | 1912 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.676979065 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677005053 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677016973 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677031994 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677072048 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677078009 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677088022 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677134037 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677447081 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677457094 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677465916 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677475929 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677485943 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677495956 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677509069 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677515030 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677525997 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677534103 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677545071 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677550077 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677568913 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677591085 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.677608967 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796586990 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796623945 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796633959 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796658039 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796667099 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796721935 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796781063 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796791077 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796827078 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796871901 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796981096 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796989918 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.796993017 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797048092 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797094107 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797135115 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797185898 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797578096 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797588110 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797596931 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797605991 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797616005 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797626972 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797636986 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797683954 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797790051 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797928095 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.797936916 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798199892 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798208952 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798216105 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798226118 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798306942 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798316002 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798614025 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798623085 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798625946 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798741102 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798749924 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798897982 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798907042 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.798913956 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799032927 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799041986 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799050093 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799205065 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799212933 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799304008 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799371004 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799381018 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799381018 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799391031 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799587965 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799597025 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799606085 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799614906 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799623966 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799793959 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799802065 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799810886 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799820900 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799961090 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.799969912 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800041914 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800050020 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800204992 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800214052 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800224066 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800234079 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800427914 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:11.800436974 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040620089 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040755987 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040765047 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040775061 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040827990 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040836096 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040970087 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040978909 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.040994883 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041085005 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041094065 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041104078 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041124105 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041131973 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041210890 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041271925 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041393042 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041403055 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041735888 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.041868925 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068077087 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068087101 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068094969 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068104029 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068111897 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068495989 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068505049 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068516016 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068525076 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068533897 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068542957 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068737984 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068746090 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068753958 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068764925 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068773985 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068782091 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068792105 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068964958 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068974018 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068983078 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.068990946 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069200039 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069209099 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069217920 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069227934 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069236040 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069525957 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069534063 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069542885 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069552898 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069649935 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069659948 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069859028 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069868088 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069878101 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.069888115 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070487022 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070497036 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070513010 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070521116 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070528984 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070538044 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070545912 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070554018 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070563078 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070571899 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070952892 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070961952 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070969105 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070977926 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070986032 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070990086 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.070993900 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.071504116 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.071611881 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163690090 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163707018 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163716078 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163726091 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163737059 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163746119 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163753986 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163768053 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163775921 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163785934 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163794994 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163805008 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163814068 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163822889 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163830996 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163839102 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163846970 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.163857937 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287117958 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287127972 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287143946 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287153959 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287198067 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287208080 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287352085 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287362099 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287381887 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287391901 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287437916 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287448883 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287488937 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287777901 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287790060 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287798882 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287808895 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287817955 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287830114 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.287839890 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288033962 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288043976 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288053989 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288063049 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288072109 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288080931 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.288398027 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.315862894 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.315876961 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316072941 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316082001 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316212893 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316221952 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316355944 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316365004 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316457987 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316468000 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316629887 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316638947 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316648006 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316657066 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316696882 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316855907 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316864967 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316874027 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316921949 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.316931009 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317219019 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317228079 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317306042 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317378044 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317545891 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317553997 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317656040 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317893028 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.317902088 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318114996 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318124056 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318393946 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318403959 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318412066 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318419933 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.318428040 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.408579111 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.409832954 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.992903948 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:12.993662119 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:13.117685080 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:13.387142897 CET19124971087.120.120.86192.168.2.6
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:13.430314064 CET497101912192.168.2.687.120.120.86
                                                                                                                                                                                                                                      Dec 17, 2024 12:02:13.460956097 CET497101912192.168.2.687.120.120.86


                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                      Start time:06:01:59
                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\17.12.2024 ________.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\17.12.2024 ________.exe"
                                                                                                                                                                                                                                      Imagebase:0xeb0000
                                                                                                                                                                                                                                      File size:930'816 bytes
                                                                                                                                                                                                                                      MD5 hash:344967ABBA36524514C992F808ADB6C8
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2147189244.0000000004231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2147189244.0000000004AA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                      Start time:06:02:00
                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\17.12.2024 ________.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\17.12.2024 ________.exe"
                                                                                                                                                                                                                                      Imagebase:0x6f0000
                                                                                                                                                                                                                                      File size:930'816 bytes
                                                                                                                                                                                                                                      MD5 hash:344967ABBA36524514C992F808ADB6C8
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000003.00000002.2265030461.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000003.00000002.2266425794.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true


                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                        Execution Coverage:11.5%
                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                        Total number of Nodes:175
                                                                                                                                                                                                                                        Total number of Limit Nodes:6

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ry$ry$ry
                                                                                                                                                                                                                                        • API String ID: 0-128149707
                                                                                                                                                                                                                                        • Opcode ID: d98aea7d506ab6f7f6bc80bd5a5db59ae8a5fb235d49b7e2032ed7d417843186
                                                                                                                                                                                                                                        • Instruction ID: 17753e8543a9d19f8b671d4d39736998433ec3698f92675c4d7c6721689a0cbe
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d98aea7d506ab6f7f6bc80bd5a5db59ae8a5fb235d49b7e2032ed7d417843186
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BE19CB5D1421ACFCB08CFA5D8819EEFBB2FF49310F24855AD911AB254D734AA42CF94

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ry$ry$ry
                                                                                                                                                                                                                                        • API String ID: 0-128149707
                                                                                                                                                                                                                                        • Opcode ID: 6e9052ffe463d15f8f0ba5a87b562c096b52566dbeebe09a243c78101979af13
                                                                                                                                                                                                                                        • Instruction ID: 1cb5124ec4cf92c9ff980484994701464d81339f55b74a942d7fadeb9a365b50
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e9052ffe463d15f8f0ba5a87b562c096b52566dbeebe09a243c78101979af13
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AC136B4E1421ADFCB04CFA6D8858AEFBB2FF89310F108559D515AB354D734AA82CF94

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ry$ry$ry
                                                                                                                                                                                                                                        • API String ID: 0-128149707
                                                                                                                                                                                                                                        • Opcode ID: 0e3981f19d74a321dd61c9d31c17e8e00e7daefa42ad579bd4235790fd781454
                                                                                                                                                                                                                                        • Instruction ID: ed84825694a91a9fe880d1c21bc44b46659402cd820e4f6ac568fbaa6b108838
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e3981f19d74a321dd61c9d31c17e8e00e7daefa42ad579bd4235790fd781454
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91C126B4E1421ADFCB04CFA6D8858AEFBB2FF89310F108559D411AB354D734AA82CF94

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: TuA$UC;"
                                                                                                                                                                                                                                        • API String ID: 0-2071649361
                                                                                                                                                                                                                                        • Opcode ID: fd5625e40073b36fe804d9b03462ef095f22d3fc655afe6f9f2e6c3eaa279904
                                                                                                                                                                                                                                        • Instruction ID: 813ab8ad2ba2b4fad4549227e43e44f133fced8bda639e976e5fc75e283c20fc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd5625e40073b36fe804d9b03462ef095f22d3fc655afe6f9f2e6c3eaa279904
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B91E7B5D25209EFCB08CFA6E58199EFBF2FF89350F10942AE415AB264D7349942CF50

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: TuA$UC;"
                                                                                                                                                                                                                                        • API String ID: 0-2071649361
                                                                                                                                                                                                                                        • Opcode ID: 6299fb95e3c02083378b948dbc815b8599a4f7582ca808c156f7a4d110d02195
                                                                                                                                                                                                                                        • Instruction ID: 1085767bb60c01ce1e891b91fe4c8ea41a4f6e062a675a1d2446140266f357ba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6299fb95e3c02083378b948dbc815b8599a4f7582ca808c156f7a4d110d02195
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B91F9B5D24209EFCB08CFA6E58199EFBF2EF89350F10942AE415BB264D7349941CF50

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: {#L
                                                                                                                                                                                                                                        • API String ID: 0-1361971085
                                                                                                                                                                                                                                        • Opcode ID: 5d0507900f95cfd4c9e91b59a676db54ecad2552dba3b0dedcb60be543d4b244
                                                                                                                                                                                                                                        • Instruction ID: 4b54db1e63edd899c850094202316eab851585275d751cdf8c41db12dadb921c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d0507900f95cfd4c9e91b59a676db54ecad2552dba3b0dedcb60be543d4b244
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6ED1F8B0E15219DFCB18CFAAD58059EFBF2BF89344F14E52AD415AB224E734A942CF50

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: {#L
                                                                                                                                                                                                                                        • API String ID: 0-1361971085
                                                                                                                                                                                                                                        • Opcode ID: 0c38839bfe27accfe1d5c4ff5fb1554eca287ff2c920872898a728c4efc709b2
                                                                                                                                                                                                                                        • Instruction ID: 038fd3a0aa45f387ac59d930d01878f2117eef9bd888753ec302ee070ef3fcea
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c38839bfe27accfe1d5c4ff5fb1554eca287ff2c920872898a728c4efc709b2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCD1F8B0E15219DBCB18CFAAD98059DFBF2BF89344F14E52AD415AB224E734A942CF50
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: z^I
                                                                                                                                                                                                                                        • API String ID: 0-307258731
                                                                                                                                                                                                                                        • Opcode ID: af82fd0ac006786961e95b910af8a7bdabdf331e827ab9ed6fe44a7d88a5dbbc
                                                                                                                                                                                                                                        • Instruction ID: a477d58f942f1ca6300673697aa5c695c6e4c72bbd3111a4e303d6a43ab51519
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af82fd0ac006786961e95b910af8a7bdabdf331e827ab9ed6fe44a7d88a5dbbc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4FB14AB5E142198FCB08CFAAD9806EDFBB2FF89310F24842AD515BB654D7349912CF64
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: z^I
                                                                                                                                                                                                                                        • API String ID: 0-307258731
                                                                                                                                                                                                                                        • Opcode ID: bed53181a0fd86a686b6134f0733988861c59dba7840a9d5e85105ef802980e2
                                                                                                                                                                                                                                        • Instruction ID: f329602ffd3f8a0ef22e25f54d1bf5490db9127a8812aa73cc72ee4b55264902
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bed53181a0fd86a686b6134f0733988861c59dba7840a9d5e85105ef802980e2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81A125B5E142098FCB08CFAAD980AEDFBB2FF89310F24942AD515BB254D7349912CF54
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07EAA576
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CreateProcess
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 963392458-0
                                                                                                                                                                                                                                        • Opcode ID: ad5bcf710673d3b73fdc66bca5ea636d9ce97de055d8b41d10c39c2107a8c063
                                                                                                                                                                                                                                        • Instruction ID: 61560756de0759cee7efb6e0ac59e80d2712d59569eb116b8ad89b06c5cac174
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad5bcf710673d3b73fdc66bca5ea636d9ce97de055d8b41d10c39c2107a8c063
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACA15CB1D0131ADFEF24DF68C8457EDBBB2AB48314F1491A9E848AB240DB749985CF91

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07EAA576
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CreateProcess
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 963392458-0
                                                                                                                                                                                                                                        • Opcode ID: 96e5959646f363f7104d07a37c38ea39f2eca190f0fb1bf6ff8e98b82dc29ce5
                                                                                                                                                                                                                                        • Instruction ID: 292e911d80b6f5e02711fafce98aa6a5609094d07147c44336ee96ac39d411ad
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96e5959646f363f7104d07a37c38ea39f2eca190f0fb1bf6ff8e98b82dc29ce5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02915CB1D0131ADFEF24DF68C8457EDBBB2AB48314F1481A9E808AB240DB749985CF91

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0307B546
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                        • Opcode ID: 4c7ac8a729e250fa332d56bbbe9f0c5a41b9e725c99bff38d79f2d16dbe63203
                                                                                                                                                                                                                                        • Instruction ID: ba43f84544e62daa22108d8a38b30a0ee3d3a58367d9f10c95da3204f89dc86a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c7ac8a729e250fa332d56bbbe9f0c5a41b9e725c99bff38d79f2d16dbe63203
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53817770A01B058FD764DF6AD4457AABBF1FF88200F04892DD08ADBB50EB74E845CB98

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 030759C9
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                        • Opcode ID: 81cd850be37f36d3a419445d77fc299d36a9f90f86f8656cb6b57015d56ff6c0
                                                                                                                                                                                                                                        • Instruction ID: a9aeedab29c6cd8e7fbf685d9495d180d3d44b9c7992f3a7147abc8c4864fa29
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81cd850be37f36d3a419445d77fc299d36a9f90f86f8656cb6b57015d56ff6c0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B141F2B0C0172DDADB24CFA9C9847CEBBF1BF49704F24806AD408AB255DBB16945CF90

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 030759C9
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                        • Opcode ID: 61bd2684a8d86080d1120571e92c3b94868dcd1d4c91cae2adb913d98ec5582e
                                                                                                                                                                                                                                        • Instruction ID: 41a295ca301295fe1096c7284032057c92b52a1e7a1724fc3634e856e8df0b86
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61bd2684a8d86080d1120571e92c3b94868dcd1d4c91cae2adb913d98ec5582e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F41EFB0C0172DDBDB24DFA9C884BDEBBB5BF49304F20806AD408AB251DBB16945CF90

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07EA9D10
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3559483778-0

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 637 7cc003f-7cc008c 639 7cc008e-7cc0094 637->639 640 7cc0097-7cc00a6 637->640 639->640 641 7cc00a8 640->641 642 7cc00ab-7cc00e4 DrawTextExW 640->642 641->642 643 7cc00ed-7cc010a 642->643 644 7cc00e6-7cc00ec 642->644 644->643
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07CC00D7
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DrawText
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2175133113-0

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 647 7cc0040-7cc008c 648 7cc008e-7cc0094 647->648 649 7cc0097-7cc00a6 647->649 648->649 650 7cc00a8 649->650 651 7cc00ab-7cc00e4 DrawTextExW 649->651 650->651 652 7cc00ed-7cc010a 651->652 653 7cc00e6-7cc00ec 651->653 653->652
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07CC00D7
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DrawText
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07EA9DF0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1726664587-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07EA9D10
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3559483778-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07EA9B66
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 983334009-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0307D76E,?,?,?,?,?), ref: 0307D82F
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0307D76E,?,?,?,?,?), ref: 0307D82F
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3793708945-0
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07EA9DF0
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07EA9B66
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07EA9C2E
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• VirtualProtect.KERNELBASE(?,?,?,?), ref: 07CCDA83
Memory Dump Source
• Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
APIs
• VirtualProtect.KERNELBASE(?,?,?,?), ref: 07CCDA83
Memory Dump Source
• Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07EA9C2E
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 07EACA05
Memory Dump Source
• Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0307B546
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145794660.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_3070000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07EACA05
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MessagePost
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 0-3916222277
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07CC2BB9,?,?), ref: 07CC2D60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07CC2BB9,?,?), ref: 07CC2D60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2962429428-0
APIs
• CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07CC2BB9,?,?), ref: 07CC2D60
Memory Dump Source
• Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
                                                                                                                                                                                                                                        • Opcode ID: 9840dba86ac95b30582e37effbb7a4b6e168ae29b4b9776d98fc4f76468ddf42
                                                                                                                                                                                                                                        • Instruction ID: c8d99e2ae382df91c3b287f4904108a0ef4b968dd787784edf97004aad3ac745
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9840dba86ac95b30582e37effbb7a4b6e168ae29b4b9776d98fc4f76468ddf42
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B41113B2800649DFCB20DF9AC585BEEBBF4FB58320F10841AE559A7240D778A944CFA5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 413831be30e013b93dcd729cbd9ca816d2f9dc11d5068638db9ad61dbdad377b
                                                                                                                                                                                                                                        • Instruction ID: 7a0f07cb34604345a2343e1b216479c9b280d05e39db8e1bed12eb0e6e36c77e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 413831be30e013b93dcd729cbd9ca816d2f9dc11d5068638db9ad61dbdad377b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED621370D11B818AD7B09FB6E9493AE7AE1EB41340F14893EE0FACB351DF7494518B49
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 705b8238eef3a45c9db81700925aab8a223e5d472753dbfe1ff67e79dfd65e9f
                                                                                                                                                                                                                                        • Instruction ID: 83c0a7a1351f68984fa8a28aef8ebe53b212b5c405ae8dcec9e75d509d1b6e50
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 705b8238eef3a45c9db81700925aab8a223e5d472753dbfe1ff67e79dfd65e9f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AB15A34B102058FCB58EBB9E554AAEB7F2BFC8210B644469E912EB394DF35DC01CB65
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 638766b88105a85ebb0e5fec98e69910af60747d6e54629c9ccda8266d0f30b5
                                                                                                                                                                                                                                        • Instruction ID: db05d06251984063a092de7a88d7fc0ef417b6e61f18780722c9dfd7c1602447
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 638766b88105a85ebb0e5fec98e69910af60747d6e54629c9ccda8266d0f30b5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A81CF38710610CFCB54EF29E498AA97BF6FF89A15B1541A9E902CB371DB71EC11CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 12c8b8784692c293cc5bdb8968d2f7a095e2d71f8aba2233e6210bd24b0d1401
                                                                                                                                                                                                                                        • Instruction ID: 5722d3b2bf67eb1fb187d4f1449bdf609c2579847c857bb9c3d419fc741a94f9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12c8b8784692c293cc5bdb8968d2f7a095e2d71f8aba2233e6210bd24b0d1401
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD81A335A10609DFCB04EFA9E8589ADBFB5FF89304F108559F442AB364DB70A945CF90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 5295e7ac8d088557c7693f136c2d10bc5e6ef99ca04269ab00f560317e0c116b
                                                                                                                                                                                                                                        • Instruction ID: af026875e1753080f9016895686b7c29116f5d1b9f1f56f4ff6177e5bd66f242
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5295e7ac8d088557c7693f136c2d10bc5e6ef99ca04269ab00f560317e0c116b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2818F31B042048FDB54DF6AE494AAEBBF2FF88314F1585B9E059AB351DB70AC41CB91
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 97601f01dcde3338acd50144d822907d6192533992d725ddacd959aa75432e8b
                                                                                                                                                                                                                                        • Instruction ID: 257eb57ca6d0edceb16ea7be20c12fe946d7c161da7de17e2b6cd5d663f08cf9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97601f01dcde3338acd50144d822907d6192533992d725ddacd959aa75432e8b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E717F34E10609CFDB44DF7AD868AADBBB5FF88305F148169E406A7350EF34AA45CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: faf5eddfe10e699f13c39d5dbcac222de814ea6b464f9a24ea490ce39339dbfe
                                                                                                                                                                                                                                        • Instruction ID: d43f3c18272c8c1a77ababc1354ebce5e92cf5d35dce63089a9d05994fc854c3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: faf5eddfe10e699f13c39d5dbcac222de814ea6b464f9a24ea490ce39339dbfe
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86519C35A00205DFDB54DF6AE884B9EBBF5EF8A300F14816DE409AB361DB75E845CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 3c89c2d68a477bc6478cb179fd0983a7146cefce77114d4c192ff37905aaf649
                                                                                                                                                                                                                                        • Instruction ID: 2353b1b8cfee4412e81cb297b501bbb73d2365570e2559b34094e5ebfa95d1d2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c89c2d68a477bc6478cb179fd0983a7146cefce77114d4c192ff37905aaf649
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F971BF74A11208EFCB55DF59E894D9EBBB6FF48314B114098F902AB361DB31ED81CB50
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9a57dc793c3d30603bdb74566632242a8c80ec52dcf753669869eb504a776dd4
                                                                                                                                                                                                                                        • Instruction ID: 0b5fec1c43a887d94a2e7ac71d6fa5ae2467bd36b4fdaff215b3666e16a39843
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a57dc793c3d30603bdb74566632242a8c80ec52dcf753669869eb504a776dd4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8951AE30B102068FCB54EB7AE8449BEBBF6FFC82247148569E459DB390EF309D058791
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: f41f51c05f4d00f7be1064b7749573ddfd4505b24fea6c019222fc2fa5fe5e34
                                                                                                                                                                                                                                        • Instruction ID: ae25dc988bfb7cb798425f25b7ad93d845da6f28ff65acc353309b6b74650dc1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f41f51c05f4d00f7be1064b7749573ddfd4505b24fea6c019222fc2fa5fe5e34
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B413934B142589FDB94DF6AD8A4AADBBF6BF89704F1440A9F501EB361DB31D900CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 99cfbc108fa4b040517476243b7fb187336ada20427401ecf0204ad0e42c7125
                                                                                                                                                                                                                                        • Instruction ID: f1563519ef2b83947c5695d293265280b06b26cd9d51485f62ea9e7134987f0e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99cfbc108fa4b040517476243b7fb187336ada20427401ecf0204ad0e42c7125
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A051D338A11204EFCB54DF69D894CAE7BB5FF89320B1144A9F9019B361DB31ED81CB50
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 47c99ae1c13d1399f0d366e6012bee9c4bfaf67abc7b5c9d5fb725b719c7cccc
                                                                                                                                                                                                                                        • Instruction ID: 6d58cc9a2f4336bc9454e508027e24e5f655f3ce2bde5298a9ff8690d40f841b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47c99ae1c13d1399f0d366e6012bee9c4bfaf67abc7b5c9d5fb725b719c7cccc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9419071C09398DFDB12DFA9D8547DDBFB0AF0A314F15408BD085EB292D6784849CBA6
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: e348ba057468de68ba9333c856314d8f8dabb4f76405667c6d035d1ab4d0bcf6
                                                                                                                                                                                                                                        • Instruction ID: 725437963a4400153d6fb1a10d3100e3523c3cd4d26fe61e60449e21c4f0e5a0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e348ba057468de68ba9333c856314d8f8dabb4f76405667c6d035d1ab4d0bcf6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7418F35E1021A8BDF00DE69D4946EEB7F5FF88311F14856AE445E3291DB38DA84CB61
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 93f7113ecafdb4b0ef5a22f866d8e88056d7afbf1e99ba72c014b6135fee5125
                                                                                                                                                                                                                                        • Instruction ID: 2e262f0b9a6e52d0970ea238e0b1ea42b8e506e7bdc994d1974f2e923881c9dd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93f7113ecafdb4b0ef5a22f866d8e88056d7afbf1e99ba72c014b6135fee5125
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4641FD34B012188FDB54DFA9D854FDDB7B5FF88704F114069EA05AB3A1DB75A901CBA0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 61ea5b3eb772042c0946ba8b8bedd880447d0e9c846cd51c7912e4f311de26ee
                                                                                                                                                                                                                                        • Instruction ID: 71954adb7c0b35e06197addffff45c5348abf73b8c1d75b34f1fb3d65042919d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61ea5b3eb772042c0946ba8b8bedd880447d0e9c846cd51c7912e4f311de26ee
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D416971A10B01CFD770CF29E645B6ABBF1FB44210F144A2AE0AAC7701D770E849CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 2790672aa112aa5529cba4298c4f8071404031e919ca4952952a11d39eceebcf
                                                                                                                                                                                                                                        • Instruction ID: 9448d17f9ced315a2e5d10bfe96d654456ccf624e2f1c0a4e4faf93e999dc833
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2790672aa112aa5529cba4298c4f8071404031e919ca4952952a11d39eceebcf
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D413C31D20608DFCB44EFA9E944ADDBBB1FF49301F108629F445B7250EB31AA98CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ed1634709a4fe3100ad08a388bced76463cc58d8ebdcb71ba662d4c11464d279
                                                                                                                                                                                                                                        • Instruction ID: e9e94f13b41b74c3901c689dff19cc065750724c48dd79b653651589dd46c6d2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed1634709a4fe3100ad08a388bced76463cc58d8ebdcb71ba662d4c11464d279
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED3161767046109FC360DB6AE884C66BBE6EFC9331321856AF15AC7770CA31DC01CB50
Memory Dump Source
• Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8dc5574876c17f8b63270cae41fa9ac01322f83b6c2918d913d2f764c492335f
                                                                                                                                                                                                                                        • Instruction ID: 7fc8eae8d40762b031c2d00ad3fcfcdb98c522be3cc8859a6eb18efc16a3411a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8dc5574876c17f8b63270cae41fa9ac01322f83b6c2918d913d2f764c492335f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6721AE307003808BC764AB7AE8546367BF6AFC6304B9409BED996DB395EF36D806D710
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ad68c139743bd6bf173474b343e2ae1c11a4fdbc7fbc8d2dafdd92aa92dacf85
                                                                                                                                                                                                                                        • Instruction ID: 64dc2494a193e20332e6b1b6f72e02db100502e374b343e2d87176ad0b41ab97
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad68c139743bd6bf173474b343e2ae1c11a4fdbc7fbc8d2dafdd92aa92dacf85
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1218E307112118FCB98DB2EE864A6A77E9EF85615B1480AEE502CF371DBB1DC02CB91
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145090331.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_158d000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ada52a4c0c30cf60f7b8fd0144f1921e88554b7fad42c4ee17c9325e41db7da7
                                                                                                                                                                                                                                        • Instruction ID: 8afb8e687f51be42ef5ed6711645164e6844dbe82ea0d1e5a86e3a4dc7f98a40
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ada52a4c0c30cf60f7b8fd0144f1921e88554b7fad42c4ee17c9325e41db7da7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A121CF75504204AFDB05EF94D580B2ABBB5FB84324F20C96DE90A5F292C776D846CA61
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145090331.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_158d000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 0e803d34db546a9212c3c0b1c8e53fb7e879ec3a539c4719dd556939ae4aa1cb
                                                                                                                                                                                                                                        • Instruction ID: b10f8232768c57d839b91fb34b56bb3d0a250cb7d9deb27f106f6f2f0f053df4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e803d34db546a9212c3c0b1c8e53fb7e879ec3a539c4719dd556939ae4aa1cb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F210075504204EFDB05EF98D9C0B2ABBF1FB84314F20C96DE9095E2A2C7B6D846CA61
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: eb3d55925f23042320b3365f48f3a48440d504c3ad4a834a977ff313136496ca
                                                                                                                                                                                                                                        • Instruction ID: 79753dca6e8a1d46e1e658097c7b9795187693c639d95d66a160da5469f48ce0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb3d55925f23042320b3365f48f3a48440d504c3ad4a834a977ff313136496ca
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C421CF36E00209CBDB14DF6AE4182EE7BB2EF89311F14802AE81277340DB759948CBA0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 381e55275df7db6cbba252ffa1fbfcfafb2bf95422ba75a35d12cfc7c3541084
                                                                                                                                                                                                                                        • Instruction ID: c79e10dd41dab8dac71b0de6f93d1e764064c78a245fc88fcd38819e3b59d28c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 381e55275df7db6cbba252ffa1fbfcfafb2bf95422ba75a35d12cfc7c3541084
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D216D307112118FC798DB3EE864A6A77E9EF85615B10807DE506CB361DFB2DC42CB90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 07c9208b90f35fe6da244013df8924cc968b6fa3ce73bb5113bab97b572443e3
                                                                                                                                                                                                                                        • Instruction ID: 687098fdb395f670d2dccdbe52ed55d57337b7eb28ab4494dc2d3e6ceac8c394
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07c9208b90f35fe6da244013df8924cc968b6fa3ce73bb5113bab97b572443e3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF216F35B002109FC764DE1AE5A4A6A73BAFBC4724F00442EF5468B750CBB5FD41CB50
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 3d76ef1297904f3fd442c0878b3c80c6f32a9b259f48d944789bb5fc085df57a
                                                                                                                                                                                                                                        • Instruction ID: 42298e64bc465f156821eb42ccde5a483e19931768d50abe5e3fcdab37b26d6e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d76ef1297904f3fd442c0878b3c80c6f32a9b259f48d944789bb5fc085df57a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64218176B00211CFC7659B5AF840BAAB7E2FBC4221F14C93EE509CB750DA75EC458B94
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7f1fbc96b91d814f1518d52915a777e003741602756b67a68112c3eb34c5963a
                                                                                                                                                                                                                                        • Instruction ID: 3862e6be528ffc76d2dfbe2cbc76df2c1ae01cc227afa274c09e51e8e7892e76
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f1fbc96b91d814f1518d52915a777e003741602756b67a68112c3eb34c5963a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29215C75E002099FCF00DFA9D8409EDFBB6FF8C311B14826AE918A7300EB31A951CB90
Memory Dump Source
• Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7d2177330d6b4587076ac64b1a9b01e61a27d49041262a2290cfc5fe07f0b848
                                                                                                                                                                                                                                        • Instruction ID: a2afbd619ee6d819546f82330fbde5554fd7243f9c30637831eea0cd53d238f0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d2177330d6b4587076ac64b1a9b01e61a27d49041262a2290cfc5fe07f0b848
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66115C357093845FC7029F69A9506BB3F6A9F86154F0880ABF548CB292CA79C846D3A1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: a4669eeb000b3d0d9c6bcaaf4e1a70d2fee754a9af3a80833e3ab9906c69f63a
                                                                                                                                                                                                                                        • Instruction ID: 893735a36df22862349416dcc98cbda57942208301c9d6beb39e38828b971e58
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4669eeb000b3d0d9c6bcaaf4e1a70d2fee754a9af3a80833e3ab9906c69f63a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F821FC35A10218CFCB45EB69D854AEDBBF2FF89310F154468E402AB360DF759C01CB65
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: b14f8e963536f9b863ffa888f307faa91b9c83ed2992472cdb0625807e1fb3b1
                                                                                                                                                                                                                                        • Instruction ID: fd1a87a922e1a999052aa47b7e90b0c4ed506f758d24f06e87e4aa85fa6a412d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b14f8e963536f9b863ffa888f307faa91b9c83ed2992472cdb0625807e1fb3b1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE21A0B4E002098FDB44DFA8E485AEEBBF1FB48215F10812AE915B7350D734AD44CFA5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 313a04ab75d0889c92c897592046944d8395dc93531dd1c1f9c2de187405299a
                                                                                                                                                                                                                                        • Instruction ID: 7b4a836632fcb5cb17224835f1b7e697d651fc5e48ab03154016585f37ec010a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 313a04ab75d0889c92c897592046944d8395dc93531dd1c1f9c2de187405299a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A118C35710A109FC744EB2DE844A6EBBEAFF89254B14456EF546DB360EF30AC01CBA0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: c243fc59beb2642378d3bd5302deb347ad6bd2d24f9fc97c187ac120a02d1046
                                                                                                                                                                                                                                        • Instruction ID: a2df72653fa9c5cfa5f1f4f9146336d5a4842492a0540a15f953e8bad9595a22
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c243fc59beb2642378d3bd5302deb347ad6bd2d24f9fc97c187ac120a02d1046
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A21CC75E1020A9F8B04DFADC8448AFFBF9FF99210B10C55AE518E7215E770A952CB91
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9984356758bb8feb98960dd55ec46861107552101eb6591044b1b0a289ff1190
                                                                                                                                                                                                                                        • Instruction ID: ea5be2296a6d73fa994385ab0cc729538778389d9937a22b0b79f6cdff65df3a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9984356758bb8feb98960dd55ec46861107552101eb6591044b1b0a289ff1190
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4219FB4E0020A8FDB44DFA9D485AEEBBF5FB88215F10812AE915B7350D7746D44CBA1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: db5273596fd241759582f94d5d12684eaa481675c8ffde780d59ae6434a04c06
                                                                                                                                                                                                                                        • Instruction ID: f6f022d370475bd5b4e3ed7462177acce5de06a68f2f9031098ed323e6b26eb3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db5273596fd241759582f94d5d12684eaa481675c8ffde780d59ae6434a04c06
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E113A31F002498BCF94EBBAE9105AEBBB6AFCA311B104069D905E7340EE318D11CBA1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d1e47f699efa22a78982af1dcc8d79554c6195cecd708b36e6144f302c3b4bcc
                                                                                                                                                                                                                                        • Instruction ID: c2ae039acacd5fd80ae3fcfaf091f29c61a7e6925ae5b4d66609142f2cb8f5f0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1e47f699efa22a78982af1dcc8d79554c6195cecd708b36e6144f302c3b4bcc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70113774E0021A9FCB05DFA8E9416EEBBF1FB48311F10446AE804BB340DB755E45CBA1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8ce67e2adc75c32a9bc66fc257d1f3388f821235b1c8bcfcdaaf294b8ec00563
                                                                                                                                                                                                                                        • Instruction ID: cac87d4a044b977850cf3c772ba96288c26af7b8cefdceade385c47784024b00
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ce67e2adc75c32a9bc66fc257d1f3388f821235b1c8bcfcdaaf294b8ec00563
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3301CB71B082044FC789EB78A81426F7BE6EFC4210F25847ED54ADB398EE3089028796
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2145090331.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_158d000_17.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8eaeb59e86870da32c80bb7561f520d2e971fe5bacbcc6de09d90fa83178b7d3
                                                                                                                                                                                                                                        • Instruction ID: 5117f0e381fda957ea8daf01de6cc26e0ac92c3db08497dfcb3500c46231b78a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8eaeb59e86870da32c80bb7561f520d2e971fe5bacbcc6de09d90fa83178b7d3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A113C71B0020A9FCB55DF6AD984AAEBBF9FF48650F044429F919D7310DB70DA10CBA0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 2ce2697038bd5434a1866d58b77d509fd81bb8f5be503b9ac764c4e686e1ab07
                                                                                                                                                                                                                                        • Instruction ID: d3682fe26b0f8a8e60a2cbf58028bef63a017a48471b6e71ba06e0416a123d21
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ce2697038bd5434a1866d58b77d509fd81bb8f5be503b9ac764c4e686e1ab07
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55F096367197D02FC3164625AC148F67FA69FC756131941EBF046CBA53C52A4D0687B2
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: fedda15697f6b3ce725168774f1f6e605aba2b672cdab884961e16066b3be0e5
                                                                                                                                                                                                                                        • Instruction ID: eb7a7e0803918da91956c33d05829598f3a2602b5cbbe7576c165537f0e21981
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fedda15697f6b3ce725168774f1f6e605aba2b672cdab884961e16066b3be0e5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21114C3590E3D0DFC7178B74E964498BF71EE4321031A80DBD094DB2A7C6399C56CB61
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: f4d302cc30026f936940fb78ef0d536afc9497c3624a2d74e46a59f08283ce1c
                                                                                                                                                                                                                                        • Instruction ID: 03de376c30714dcedb3ce2e3b9b2783fb70854d33cd2244256a663f29bbeba53
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4d302cc30026f936940fb78ef0d536afc9497c3624a2d74e46a59f08283ce1c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5701F231F005208FC7408A7BE858B6ABBE9AFC5750F054076F889CB361DA75DC018BD0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9ff5a540b22e209cda27f4813ef76cbb16c98f3e513266e3cef0dec99ebf626a
                                                                                                                                                                                                                                        • Instruction ID: 364178339a9e0ac7091b912f631be581ac3cbfa764a112d29eee40560c1e5fa8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ff5a540b22e209cda27f4813ef76cbb16c98f3e513266e3cef0dec99ebf626a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B01F2307043109FDB69EB2AF81092ABBAAEFC1220728D47EE8059B351DF71DC06C791
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: f3c3b5cddf931fae4a81341c118f7cc4f8789057d73003729bc150f8fa50a73c
                                                                                                                                                                                                                                        • Instruction ID: 5fad69708ce0d793b606d32d8557100b7a512e4e4d188ff8bc24b3576be70bc5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3c3b5cddf931fae4a81341c118f7cc4f8789057d73003729bc150f8fa50a73c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2601F5303013119BE714A76CD4157EA76D6ABC4B18F10852DD1998F7C6CEF658454BE1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 5a846044b1fc50ff3e2d96b4f1425b8cdcb0076afe5cc1bdb03ce44de0f83350
                                                                                                                                                                                                                                        • Instruction ID: 398fc50590e49b99c3a31b5c432bf7b7ba8e79a2d4e4af9f0d5c0402acd661f8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a846044b1fc50ff3e2d96b4f1425b8cdcb0076afe5cc1bdb03ce44de0f83350
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D01F2B284A3802FC3074B2198504DA3F30EF57264B0A80DFE0848F663D12A4917C791
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2144998679.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_157d000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 235eb649857969010ee81e93d004e5e62bbaf506cbc194b055bee1069e01bc7e
                                                                                                                                                                                                                                        • Instruction ID: f0aeba08b9e063728d9b15beb35c6fe5436e0025a7aae1c92c485847015e463b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 235eb649857969010ee81e93d004e5e62bbaf506cbc194b055bee1069e01bc7e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA01A7724043949AE7114A99EDC5B66FFE8FF41664F18C41AEE094E592C6789840C771
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2144998679.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_157d000_17.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: e6780d94bebd89f3fa959c139bec8e032b46c7665623617342b75e20e8238b56
                                                                                                                                                                                                                                        • Instruction ID: 4db7a4e165c7ffa6b03a9166e27f3c081b82596c686c9b631e727986393d7d6d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6780d94bebd89f3fa959c139bec8e032b46c7665623617342b75e20e8238b56
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73F0C231A10618DFCB10EB6EE844C9EFFF8EF86310B10416EE5455B321D631A915CBA5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: fd201ad5db4376aa5c107097437cbccbb39f03c3654a53d5c083cd1aba591736
                                                                                                                                                                                                                                        • Instruction ID: 3ba0912b0303cf26cee5feca4f6feb42c10447566debbbd7623e09282891a539
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd201ad5db4376aa5c107097437cbccbb39f03c3654a53d5c083cd1aba591736
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB0181329102598FCB61CF78C8857BCBBF4FF01314F6885A9E454D7286E7389606DB80
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 48852effab4ebbaa74b93291ecc9d6bdefcce0db1f3da4e731bd1389b4996093
                                                                                                                                                                                                                                        • Instruction ID: 05819936da265817b1e99ef81d68970fb602e19da5e6be2f026306ee8858f966
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48852effab4ebbaa74b93291ecc9d6bdefcce0db1f3da4e731bd1389b4996093
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CF06231A10B0497CB00BF2CEC054ADBB78EF96322F01832AF98567750EB31D5A4C790
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 6af6c02cb4f08d32f1b34eb53702d7563cb14dacdf4a71979510c5f4cf0e7955
                                                                                                                                                                                                                                        • Instruction ID: 471493d4585e4623f5f2340ac8c7b04e82f0d9e2aafe0a6f96e60fac29e6cbd2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6af6c02cb4f08d32f1b34eb53702d7563cb14dacdf4a71979510c5f4cf0e7955
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4F06D329501098FDB90DF78D8457BC7BF0EB04301F0489B6E818D3241EA389A059B81
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 795429c06d08142f62ccd3203794f7f4a170dbb7567410d593cc9532fc8a106c
                                                                                                                                                                                                                                        • Instruction ID: 29485f1818e02b4322d74cf96b912d3b45510fbd8605cd337d8e82c1507bac37
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 795429c06d08142f62ccd3203794f7f4a170dbb7567410d593cc9532fc8a106c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14F09A363012469FDB06DF29E8548EA7FBAEF8A35036545AAF144CB221DA758D01CBE0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 1747b737410c34d41ddce1f30bd001172f2178d66e55c1e4c906b7446191764e
                                                                                                                                                                                                                                        • Instruction ID: b9ac01c66145533b72484aa2f889ebbb476701a5332792712aabc849f96f3c1a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1747b737410c34d41ddce1f30bd001172f2178d66e55c1e4c906b7446191764e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4601FB70C04259DFDF54DF6AE8043AEBAF1BF48350F208629E824EA2A0D7744A40CFD1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 50894f699f64bc22b05ac3876b0a78f204a5799f48a0094b8804ba0126463849
                                                                                                                                                                                                                                        • Instruction ID: a522a42273712e54737b4737176f45a0358071c6040bcc14aa1363885c95215c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50894f699f64bc22b05ac3876b0a78f204a5799f48a0094b8804ba0126463849
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26F08235B043189FCB18AB7AF44956EBBA6EFC5365B04887DE48687340CF759C01CB94
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 1fe31c3c373cb77d53310d90cd2fffb63db8be233f1a25b603ab871bc20d3d28
                                                                                                                                                                                                                                        • Instruction ID: a0fd2e33cc20c6d5aa269534051e1ddb9068319c6687aabc24586682c781207c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fe31c3c373cb77d53310d90cd2fffb63db8be233f1a25b603ab871bc20d3d28
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4E039727042286F9304DA6AE884D6BBBEEFBCC674311807AE508C7310DA319C01C6A0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
Memory Dump Source
• Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9E09232304148ABCB06DA5DE804E9EBFEEEBC8351B08801AF959C3151CAB5981197A5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 2843394e198f48758223c54dcc4cece9d777d56245b6c3559a5bae4cf92b7e45
                                                                                                                                                                                                                                        • Instruction ID: 28a417ec75d1df4c327a819ec5d1ce38bd4bfd785ff5a73da38a11dfe8031b87
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2843394e198f48758223c54dcc4cece9d777d56245b6c3559a5bae4cf92b7e45
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98E0D83160D3515BC326961DE89044BFB96DED5220748456EE2158F225DEA45C068396
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: c5897e67034c80fc6a4208dc6eca51b34186dc7b4acb32d9cb2c7d2c291b4128
                                                                                                                                                                                                                                        • Instruction ID: c5d8b8845f62f5c9ea7cba466efa19f74e2fd64e5d8e471f6779fcf0ef5cd1b4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c5897e67034c80fc6a4208dc6eca51b34186dc7b4acb32d9cb2c7d2c291b4128
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FE0C23A760A150BC728A60EE80497E779BEFCCA21B1880F6F00AC7766DE72CC414794
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d4556779894996989af4eb57d90fd953bec57f03b9e33d91fae7dc30e5c14f00
                                                                                                                                                                                                                                        • Instruction ID: 91c14815be300622511266ec90749eab910ae5bd077be36ddb22e4dd33796def
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4556779894996989af4eb57d90fd953bec57f03b9e33d91fae7dc30e5c14f00
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2F03935D0924CAFCB01DFA4D8844EDBFB8EF88204F1042E6D845E3211EA301B15CF91
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 49edfb94ef27eda069037e9361329889cd798efafd69888f2252dcca23335e2c
                                                                                                                                                                                                                                        • Instruction ID: 208b240b0f8291bbf81ac54619109761c1e9bf20cb9dd3c4340b1e507aa8a20d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49edfb94ef27eda069037e9361329889cd798efafd69888f2252dcca23335e2c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AE01226B495A50B96CB36657C701BD1F114B92491709119EE0AADF3A2CD180E2B83DA
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: e09fd228d839fb35c34c0168758889503dda1e8a737dbf00e362eb706e1640f3
                                                                                                                                                                                                                                        • Instruction ID: ba1cba9b6482b0a6ddac9a264d78b02ef88fb027ba5c005cd341c68bf0864c42
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e09fd228d839fb35c34c0168758889503dda1e8a737dbf00e362eb706e1640f3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AE0263534E3900FC70A871CA9243E67FD14FC6640F0980FBE04CCF796C56848004396
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7f0ecc01b824567403218dfa2140c85e1034bb4b73e3bab0746016ea23ba49d7
                                                                                                                                                                                                                                        • Instruction ID: bcf31d11c5ec48162d900cbce9bbc678b064867fbcab91c6df10956aaac490ef
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f0ecc01b824567403218dfa2140c85e1034bb4b73e3bab0746016ea23ba49d7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7EE086307012058BE764A77AFD10B967BE9EF80255F04157CA619C7280EE71EC0087D1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7e8cc92084fa5b9b51afa7ff93679a30f6d1a93d5f442a4ec38f1d47a1e82943
                                                                                                                                                                                                                                        • Instruction ID: be1e702c9b44b4f1dabe482c9028b63b150aba5685063322b7d488eab5c47223
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e8cc92084fa5b9b51afa7ff93679a30f6d1a93d5f442a4ec38f1d47a1e82943
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8D05E2230017817C54462BE6852A6F7AAFCBC6BA6B40803BEA06C7380DCA19C0243E1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 38c87834d0bd82b66061336bbd4c8b55228f1143a6f5f5584a834eaf63276989
                                                                                                                                                                                                                                        • Instruction ID: dc079e9bda16aad6bac1de91c33331aa43e4fb920d7b106928c7edd19aca29f9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38c87834d0bd82b66061336bbd4c8b55228f1143a6f5f5584a834eaf63276989
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AF0A0359042858FC710CF64D800A58BBB1AF06320F1042DADC608B3A2D3348946DB81
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 3f8da2cf40f8f79f5aa8d1c848f037442ab30835dafaf3a12b6d396a7400b10a
                                                                                                                                                                                                                                        • Instruction ID: 39f02e3b81ed135ffafe5797314173061f0f7255cc28e5d1ce2e2d07f262c97d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f8da2cf40f8f79f5aa8d1c848f037442ab30835dafaf3a12b6d396a7400b10a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8E04F3A104248BFCB029F88EC40CD53F79EF4A2107048086F9498B522C232E921DB92
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 7ad208cfcb646532fd2e9f16754a2f5f41b1f9f8fb596068f542b11227c7fc53
                                                                                                                                                                                                                                        • Instruction ID: fdc141cfe42fe7c3df67edee158684556958918aa6edf39748627e2d2994d9d1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ad208cfcb646532fd2e9f16754a2f5f41b1f9f8fb596068f542b11227c7fc53
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0E09A3100808AAFCB01CF58D985A993FA1EF06224F084285F954DB2A3C73A9AA2DB41
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 0cb9afbdaf6376bfc5d08200e0b19016150de3305b9adede00e6d3cc72309d2c
                                                                                                                                                                                                                                        • Instruction ID: 132464937e9d6216ba760e19d273afbf441f1de5a4e30cd640fa8f8e14941c54
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0cb9afbdaf6376bfc5d08200e0b19016150de3305b9adede00e6d3cc72309d2c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1FE01A71914218EFCB80EF39E9456997FF0BB16314F00C52AF859CA110E774D2558F81
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 008b0dfef1cdcf9eb98ec9da1dfced9d718c8ba071894be84f276421ab948b33
                                                                                                                                                                                                                                        • Instruction ID: ff27f803e9a5d6afcceb2b453a669e3e0c35781bf7ee19c6ed5c09a09e81dbf7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 008b0dfef1cdcf9eb98ec9da1dfced9d718c8ba071894be84f276421ab948b33
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44E09A35610115CFCB84DE6AF449BE877F5BB84256F4440A5F115EB2A1DF349985CB10
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: b81c0f2cc6c3aea7cd792e8be61f541cc09208acf69a166b135927a667d38dd2
                                                                                                                                                                                                                                        • Instruction ID: 09f79ed4f76ab72d81fdb38cc33243ecd00d9821adc05d74baca4bb883ad657a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b81c0f2cc6c3aea7cd792e8be61f541cc09208acf69a166b135927a667d38dd2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FCE01A74E00208EFC750DFA9E444A9DBBF0FF48300F0081AAE81597320D7709A40DF90
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9ff89dbb8ef604dac98085d1e46240934ab50f3016bf8b45c5d890d292948ab8
                                                                                                                                                                                                                                        • Instruction ID: 92194394f19bca31e58cc58b14ba30d37b5a0133bc634c59d48b6a23c07faa9f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ff89dbb8ef604dac98085d1e46240934ab50f3016bf8b45c5d890d292948ab8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BE0C732114A448FC3429B3CEC848E03F30EFA630574602E7E084CF226EA39D986CB60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 750a7e175bc149219a0cc20a4bde0cfcd0d1ccc505ffe4a6218a07b4a73679a1
                                                                                                                                                                                                                                        • Instruction ID: 6ac1f907c7966c02276374c6261c261bcb0bfe6cb9c7f29363f09a05ffbe010f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 750a7e175bc149219a0cc20a4bde0cfcd0d1ccc505ffe4a6218a07b4a73679a1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30E09A75D1020CEFCB40DFE5D5459DDBBB9EB48205F1082E6D805A3200EB305B55DF81
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 301472acca4323a18827836e5213771543191d54e4a1babbafa9e76bc142d6c4
                                                                                                                                                                                                                                        • Instruction ID: a168a2fed4641c65d235b11716500793da96615195474bad82b66920eab7ad53
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 301472acca4323a18827836e5213771543191d54e4a1babbafa9e76bc142d6c4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77E02673D043949FD3A18F59F4847C07F24EB01325F86509AE098A7361C779DC40CB42
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 16398432bb716d7dca7c07a7d7fc4b120a2409ab95e1cca20ef6f9eac0ad5be8
                                                                                                                                                                                                                                        • Instruction ID: 713d972d1b0b7da1b0603309218519cc8abd1f996e1e74cfb670572c85124da2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16398432bb716d7dca7c07a7d7fc4b120a2409ab95e1cca20ef6f9eac0ad5be8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCE0E23180010CBFCB00DFA8D9458ADBFB5EB44201F5085A5FC48E6291E7319BA4ABA1
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d3225f3378406aa6d4e9e5e405a63636d1d29200f43193855ea88e07c1738865
                                                                                                                                                                                                                                        • Instruction ID: 1e0715c7d680b405ae00901fbe256de74003ff888b5593c5e0173e056d564ff7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3225f3378406aa6d4e9e5e405a63636d1d29200f43193855ea88e07c1738865
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7ED05E357453180BC709664CA0107DA76CE8FC9A90F0480BBE50D8B784C9A19C0003D9
Memory Dump Source
• Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 02c35c56307ac6001b51627e03d1dda112c3b825573c5aa1db4940c8407c9ebd
                                                                                                                                                                                                                                        • Instruction ID: 73426b9597eb06b82cbeb6e91cd03522ec58ca3212fc0108a2dc34e1e9ea4d6c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02c35c56307ac6001b51627e03d1dda112c3b825573c5aa1db4940c8407c9ebd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83C01222B458391349DD315ABC2057D6A494BD19E0604006DF52EC7791DE491D2602CE
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 35efda9c3b25f90f92c52cdc88843e8eecccf0930fed3ac0eb0c52067cf8f5eb
                                                                                                                                                                                                                                        • Instruction ID: 740f553fab2942c33245481ad9bf9d47feac7c611e8977d597bddd02883483b3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35efda9c3b25f90f92c52cdc88843e8eecccf0930fed3ac0eb0c52067cf8f5eb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2E0EC3182071CEECB80EF76E544499BBF8AB15211F00C53AF81DDA110EB70D2A4DF80
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8d5c4e1948e0b6574e07ec40028a51717f0bac575a63cfe4ce9facbbdd74a410
                                                                                                                                                                                                                                        • Instruction ID: f7adec62f3bfa37653afe1579e57b5c62c5377439d1662f70bcea10c452475f2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d5c4e1948e0b6574e07ec40028a51717f0bac575a63cfe4ce9facbbdd74a410
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31E0C731A04028CBCB118B76F58E3AE3B10AFC038AF088069E41ACB681CF388531CB85
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 012b4788863be164a6888d55c39a534bfee4b209fb8807733650cc7ecadaf811
                                                                                                                                                                                                                                        • Instruction ID: 4280f7840ad914dcd7ec6feebe1be79bb41eaa4eaad5a6bdb4d29b9e9aa064be
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 012b4788863be164a6888d55c39a534bfee4b209fb8807733650cc7ecadaf811
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5E05E72B444109FC704DF9CE9D1AA93FA1EF59665B0140A6F509CF336CA34EC12CB89
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8048d6846f6f75dcf03632493fad91607754d44ec40b097b4367c8d500ea6127
                                                                                                                                                                                                                                        • Instruction ID: d66b461ff27fccb493f48fad726df99ab25e8d7a579564fdb27a78e48b8678b2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8048d6846f6f75dcf03632493fad91607754d44ec40b097b4367c8d500ea6127
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFD0C9327401249F8704AB59E814CA97BADDB596A1301406AF905CB331CA61ED5197D9
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 4f112923bf73382037636cd64c5ca60045fbd54ca115e747bba8727d43c12745
                                                                                                                                                                                                                                        • Instruction ID: eb266f76f2269d3d04d62a0ade8c805dd4ff79f419292db784a0762128fe9cc4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f112923bf73382037636cd64c5ca60045fbd54ca115e747bba8727d43c12745
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0D0C93162012C9BC7155A67F40D6AF7B58ABC07A1F448129F506C6280CF649A60CAD5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 117886e088370d1235269cb922446abeb327ba48104ffb8338ca19c3830e5672
                                                                                                                                                                                                                                        • Instruction ID: 84f0d450153532acb0c2dc57015befdeaddb0258c781aefcf42570f35d4cdd64
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 117886e088370d1235269cb922446abeb327ba48104ffb8338ca19c3830e5672
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05D012B71572909FC3836B10DC15D65BF65FF1325830880C6D0419A473D5228028D727
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 635184865cf11307613b5a9db86e077f0ce4d9104d5b4fd6f3b1d07d3d27f344
                                                                                                                                                                                                                                        • Instruction ID: c122311897f2c7dcf3f838c170ab2336dae33bc143751b63382b6ab05733d626
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 635184865cf11307613b5a9db86e077f0ce4d9104d5b4fd6f3b1d07d3d27f344
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66D01231510B04CFC300EF6CE94586477B8FF45709B450195E2059B331FB31F8548B55
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: f53c18ce74fc57e6b8fe8d38464d38810a5a723f5cbf06562a2657be7771a46c
                                                                                                                                                                                                                                        • Instruction ID: e428763cbc0eca2e287c038b056a2cdf156ba0d84120d20db090d3af54038e10
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f53c18ce74fc57e6b8fe8d38464d38810a5a723f5cbf06562a2657be7771a46c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2C01272F0416547DA455798B5453697B619F41615714418FE81EC7210DD2C48128348
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2155300567.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6660000_17.jbxd
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: -2m
                                                                                                                                                                                                                                        • API String ID: 0-2686427999
                                                                                                                                                                                                                                        • Opcode ID: 7a53f3938f9a87912552b25782fa6491e2725e38a4c39d32a02bded01779e67b
                                                                                                                                                                                                                                        • Instruction ID: 4c7c2f18cf97dc8e6069a38ffdde52e03658c8471ab7fc76d5e413387f1a8bc5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a53f3938f9a87912552b25782fa6491e2725e38a4c39d32a02bded01779e67b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9511BB0D142198FDB08CFAAD5406AEFBF2FB89300F28D16AD419A7254D7349A418FA4
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: w7e^
                                                                                                                                                                                                                                        • API String ID: 0-1657886525
                                                                                                                                                                                                                                        • Opcode ID: 4d8ecdf7d14e0c3343858db1f74e4b601a6257783ae94aa59a04eeafd2728358
                                                                                                                                                                                                                                        • Instruction ID: b3edff61f744cc853bd98bd7dcb4c170ee19049616a8d58bd786103df1a26516
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d8ecdf7d14e0c3343858db1f74e4b601a6257783ae94aa59a04eeafd2728358
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 414115B4D25659DFCF04CFAAC9406EEFBB1FB8A201F14982AC416B7254D7384642CF68
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: w7e^
                                                                                                                                                                                                                                        • API String ID: 0-1657886525
                                                                                                                                                                                                                                        • Opcode ID: 204254d1dcdfb3056b994276de67d01a3d3fe88c7a1b22a2d3cd09fc13aea74d
                                                                                                                                                                                                                                        • Instruction ID: c50b0870e2f794f6a7ad3a435b040d4b557fa40d6d5cfb381aa3d7f558b6ea89
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 204254d1dcdfb3056b994276de67d01a3d3fe88c7a1b22a2d3cd09fc13aea74d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 084145B0D15699DFDB04CFAAC9406EEFBB1BB8A300F14986AC406B7254D7384642CF59
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: 0ni
                                                                                                                                                                                                                                        • API String ID: 0-1488673370
                                                                                                                                                                                                                                        • Opcode ID: 485e6d1e5e604da8201fbba697732ba0a27c8d830a6616d3ac78df10bffab668
                                                                                                                                                                                                                                        • Instruction ID: 77916428a47b9fa08a6b3e932b20e682c8f4e2d8524dbdbd411e0257c4aacdcf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 485e6d1e5e604da8201fbba697732ba0a27c8d830a6616d3ac78df10bffab668
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1517BB1E146588BDB68CF6B994579EFBF3AFC8300F14C1BAD50DA6214EB300A858F51
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d402ba68f1045a010479bc5346f37acbf2dc6ca29587281bca3e8ef40dae6114
                                                                                                                                                                                                                                        • Instruction ID: f952265d4fd3b74ab3a345ef9c9e119e8e865e5bd5015a849de8341c1b3a296f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d402ba68f1045a010479bc5346f37acbf2dc6ca29587281bca3e8ef40dae6114
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93E116B4E002599FCB14DFA9D580AAEFBF2FB89305F249269D414AB355D730AD42CF60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 50f522744365673ad972a17e08467da76567275d73ae8d689f940353e6e2df74
                                                                                                                                                                                                                                        • Instruction ID: 457858136b91231e3e1d52bcd5aaa8fa4f188d2685afc5993a816773d89a1e37
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50f522744365673ad972a17e08467da76567275d73ae8d689f940353e6e2df74
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94E1F7B4E002599BDB14DFA9D580AAEFBF2FF89305F249269D404AB355D730AD42CF60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: cfdacb4ac69b035fc7c36c66393653eab8ae9ff494e64a43f2959b8ab94a1a30
                                                                                                                                                                                                                                        • Instruction ID: 434d6c7fd6ab4c644f8df56f44c3ec812a1eb5e6e65bb48fff6b57726e50ef64
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfdacb4ac69b035fc7c36c66393653eab8ae9ff494e64a43f2959b8ab94a1a30
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4FE109B4E002599FDB14DFA9D580AAEFBF2FF89305F249169D404AB356D730A942CF60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ea0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: fa3914d1a7517bc723425169cd73c4e38f639a43e7c34eb6cfed2dcbb325563c
                                                                                                                                                                                                                                        • Instruction ID: f8dad0cf320192d13b50cc2e4f1df295dc2e81068ca29359f92863407c4b401e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa3914d1a7517bc723425169cd73c4e38f639a43e7c34eb6cfed2dcbb325563c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDE107B4E002599FCB14DFA9D580AAEFBF2FF89305F249269D414AB355D730A942CF60
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156883374.0000000007EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EA0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: ba3f5987bcda5a65dca83b8b5d53b807e96e010bcecef3ffe7f5fa2f2577a13c
                                                                                                                                                                                                                                        • Instruction ID: 0f17745a3f115c9a73b9b3ffb27a359cb85c76104ae0307498f076f1fb69dfb1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba3f5987bcda5a65dca83b8b5d53b807e96e010bcecef3ffe7f5fa2f2577a13c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A4118F0E0520ADBDB04CFEAC5825AEFBF2EF88300F24D56AC515A7254D7349A418FA5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 32b4425f4f09ed3e80012c89af400b96e203fd34ace708cf0966eeddc67786fe
                                                                                                                                                                                                                                        • Instruction ID: 279094044fa3e99c66f08bb01db1aa8a579a584f12f9feefa9440a327308e33a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32b4425f4f09ed3e80012c89af400b96e203fd34ace708cf0966eeddc67786fe
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E41F7F0E0520ADBDB44CFEAC5826AEFBF2EF88200F24D569C515B7214D7309A418BA4
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9547a9171778595d9990d4f63e4fe3042e9d2a1503c42edf11a47bf0c033605e
                                                                                                                                                                                                                                        • Instruction ID: dc64c788e9a38d43e49b466077f777ba14e70b37ddceae15393ec9d37c56efa1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9547a9171778595d9990d4f63e4fe3042e9d2a1503c42edf11a47bf0c033605e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8412CB0E1560ADFDB44CFA6D5426AEFBF1EF8A300F20D46AC015B7264E3749B418B94
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 16c0830ff98fb6c8422b64c396d976bb8881472e945b430103f517a3ca41632f
                                                                                                                                                                                                                                        • Instruction ID: 06d3edfaf3b416c5ca5a727d08e3cee0e4a8ca5d632eee5dfc36a0b07f441b90
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16c0830ff98fb6c8422b64c396d976bb8881472e945b430103f517a3ca41632f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58413DB0E1560ADFDB04CFA6D5426AEFBF2EF8A200F24D46AD005B7264D3749B41CB95
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d72b5fbb4d8cac88b5cb286312492a3bb8f4c0f6cd9f97245ae634caa24148e7
                                                                                                                                                                                                                                        • Instruction ID: 452da9b55fa0367cc38523f96f32322f620c581ed7e1ab5ae1d407f80b6a4f65
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d72b5fbb4d8cac88b5cb286312492a3bb8f4c0f6cd9f97245ae634caa24148e7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA41F4B0E0560A9FCB48CFAAD4856AEFBF2BF89300F14C56AC415A7254D7359A42CF94
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 403d390a9702f48cfb3842729340d94d19dae6897c9b55b92c823de5e2ddc420
                                                                                                                                                                                                                                        • Instruction ID: 76ec707227f52f9ed8ca30ff2c23d1357dd2da0a822f560fc2a6521f46a9adf3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 403d390a9702f48cfb3842729340d94d19dae6897c9b55b92c823de5e2ddc420
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8541D3B0E0420EDBCB48CFAAD4856AEFBF2BF89300F14C56AC415B7214D7359A418F94
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2156771009.0000000007CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CC0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7cc0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8b0df4029cd94b9ef0b17295409a9854b3ead7769441b4d12386031ea1624a80
                                                                                                                                                                                                                                        • Instruction ID: 714cce0ec38d5e95c17ac0728b5d719be22aa9aa7728d99e1e8a9adce3df7416
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b0df4029cd94b9ef0b17295409a9854b3ead7769441b4d12386031ea1624a80
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5811DAB1E006189BEB18CFABD8406DEFBF7AFC8200F14C07AD918B6214EB7016568F51

                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                        Execution Coverage:11.5%
                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                        Signature Coverage:2.9%
                                                                                                                                                                                                                                        Total number of Nodes:140
                                                                                                                                                                                                                                        Total number of Limit Nodes:12

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: .$1
                                                                                                                                                                                                                                        • API String ID: 0-1839485796
                                                                                                                                                                                                                                        • Opcode ID: 33ce8896ce8894c1a402f671cdec5bd19d7036a0dd0c1eef39ce78d6b7cd8022
                                                                                                                                                                                                                                        • Instruction ID: c0ec249917cf7fa1fade94927bcdde9ba7219faeb686e798b9856455027fe538
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33ce8896ce8894c1a402f671cdec5bd19d7036a0dd0c1eef39ce78d6b7cd8022
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9F1E274E01228CFDB68DF65D884BDDBBB2BF8A301F5091A9D409A7290DB355E86CF50

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: +?$c?
                                                                                                                                                                                                                                        • API String ID: 0-2771618736
                                                                                                                                                                                                                                        • Opcode ID: 5e72a128182f422487916b7471f4f9a80f0920101d01ce8c7a4f95a76fe43568
                                                                                                                                                                                                                                        • Instruction ID: a48d92beca320079625736c43e4b1a228f161b1df825a22d3c708f09133ecec1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e72a128182f422487916b7471f4f9a80f0920101d01ce8c7a4f95a76fe43568
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1091C4B4D01219DFEB64DFA9C984B9DBBB2FF4A300F1091A9D409A7391DB306A85CF50

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: d075104789e5ffd0d90db60d411440ad0d324d2ac4bdca13e9b165d5ed6bc5da
                                                                                                                                                                                                                                        • Instruction ID: 596e47a7a77f3747867f4fc105266275776f9e19956d514426fdb112b55c2204
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d075104789e5ffd0d90db60d411440ad0d324d2ac4bdca13e9b165d5ed6bc5da
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFC28074A022298FDBA5DF64D898BDDBBB1FB49300F1095E9E409A7290DB356E85CF40
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 8b1c8ae1b9d2bf385ca0d60a54e51f40dd379841bdb404ee8ac7f0b53291f380
                                                                                                                                                                                                                                        • Instruction ID: 43a2b26d86e1c1c1e81627ce83b91088f248b34772aa28f8d31a9f69d61202bc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b1c8ae1b9d2bf385ca0d60a54e51f40dd379841bdb404ee8ac7f0b53291f380
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A832B374E01229CFDB64DF64C894BDEBBB2BB49300F5095E9D10AAB254DB359E81CF50
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: c62e8855cb4dd67da5491e798410a5300f48bf3b78cd6b3e0c84ba86cfad51ca
                                                                                                                                                                                                                                        • Instruction ID: cf60ba35aed25128edc862d16f26b5cc94694018d3c2ea6725dd6bce893faeae
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c62e8855cb4dd67da5491e798410a5300f48bf3b78cd6b3e0c84ba86cfad51ca
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31229E74D01229CFDB64DF64C990BD9BBB2AF89300F1095EAD54DA7250EB30AE85CF90

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 028CB086
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID: 0V$0V$cz}+
                                                                                                                                                                                                                                        • API String ID: 4139908857-2233869222
                                                                                                                                                                                                                                        • Opcode ID: 99103ebd0c803aa49eafb4d7447e8581de901ba9be650c1783c5158c0b544943
                                                                                                                                                                                                                                        • Instruction ID: 6339085e39ca0290c3ae6893ef2f76f03f81a9cc581f4ca8876f770e6145b5ad
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99103ebd0c803aa49eafb4d7447e8581de901ba9be650c1783c5158c0b544943
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 737147B8A00B098FD728DF69D04575ABBF1FF88304F10892DD48AD7A40D775E906CB91

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05054381
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2277895366.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_5050000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallProcWindow
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 2714655100-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 59 28c5935-28c593b 60 28c5944-28c5a01 CreateActCtxA 59->60 62 28c5a0a-28c5a64 60->62 63 28c5a03-28c5a09 60->63 70 28c5a66-28c5a69 62->70 71 28c5a73-28c5a77 62->71 63->62 70->71 72 28c5a88-28c5ab8 71->72 73 28c5a79-28c5a85 71->73 77 28c5a6a 72->77 78 28c5aba-28c5b3c 72->78 73->72 77->71
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 028C59F1
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 2289755597-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 97 28c4248-28c5a01 CreateActCtxA 100 28c5a0a-28c5a64 97->100 101 28c5a03-28c5a09 97->101 108 28c5a66-28c5a69 100->108 109 28c5a73-28c5a77 100->109 101->100 108->109 110 28c5a88-28c5ab8 109->110 111 28c5a79-28c5a85 109->111 115 28c5a6a 110->115 116 28c5aba-28c5b3c 110->116 111->110 115->109
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 028C59F1
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 2289755597-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 118 28cc9a0-28cd394 DuplicateHandle 120 28cd39d-28cd3ba 118->120 121 28cd396-28cd39c 118->121 121->120
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,028CD2C6,?,?,?,?,?), ref: 028CD387
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 3793708945-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 124 28cd2f9-28cd394 DuplicateHandle 125 28cd39d-28cd3ba 124->125 126 28cd396-28cd39c 124->126 126->125
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,028CD2C6,?,?,?,?,?), ref: 028CD387
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 3793708945-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 129 6b0dbd4-6b0e100 131 6b0e102-6b0e105 129->131 132 6b0e108-6b0e133 LoadLibraryW 129->132 131->132 133 6b0e135-6b0e13b 132->133 134 6b0e13c-6b0e159 132->134 133->134
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06B0E01E), ref: 06B0E126
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 1029625771-1738314892

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        control_flow_graph 137 6b0e0be-6b0e100 139 6b0e102-6b0e105 137->139 140 6b0e108-6b0e133 LoadLibraryW 137->140 139->140 141 6b0e135-6b0e13b 140->141 142 6b0e13c-6b0e159 140->142 141->142
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06B0E01E), ref: 06B0E126
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 1029625771-1738314892
                                                                                                                                                                                                                                        • Opcode ID: be64154915331d42f6c9266ae87bac433a0dab7f0ed6ebd4dbcfc5b3908ac867
                                                                                                                                                                                                                                        • Instruction ID: 60ac99801159dec22064b366214f52c6eca6ec0df42c1c4c3924f38234354139
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be64154915331d42f6c9266ae87bac433a0dab7f0ed6ebd4dbcfc5b3908ac867
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E81123B2C006098BDB10CF9AC844A8EFFF4EF88320F10885AD418A7200D3B5A545CFA0

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 028CB086
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266338367.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_28c0000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                        • String ID: cz}+
                                                                                                                                                                                                                                        • API String ID: 4139908857-1738314892
                                                                                                                                                                                                                                        • Opcode ID: 288e0219cf3acf0bbda4628d33a27d6b58933ad22e37ae4b1aceccce471e53b7
                                                                                                                                                                                                                                        • Instruction ID: df42b2310f8ebd1142480faa414e18c21b33b15d4358ae4b4c7f7f6b1e2b7a97
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 288e0219cf3acf0bbda4628d33a27d6b58933ad22e37ae4b1aceccce471e53b7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 611102BAC007498FCB10CF9AC444B9EFBF4BB88624F20841AD428A7210C3B5A545CFA1
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • KiUserExceptionDispatcher.NTDLL ref: 050572DC
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2277895366.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_5050000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 6842923-0
                                                                                                                                                                                                                                        • Opcode ID: 93522ffeeb06df82efda27f459109f38ea6e43a6a8bee2fbf146e55aac045295
                                                                                                                                                                                                                                        • Instruction ID: 239935f7820fba8bb9e6b881ec6c2a52f5c05a2f42d9496d64a4ef841ac0d9c4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93522ffeeb06df82efda27f459109f38ea6e43a6a8bee2fbf146e55aac045295
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C221D375E052189FCB08CFA9E888ADDBBF6FF89310F10512AE805B3350DB341941CB54
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: cff3bf0d5dce27ec89a2b609b27cce10b69208db8ce323250e9d9ce3241e5089
                                                                                                                                                                                                                                        • Instruction ID: d57c838b4be76e073673d421a06525b57631b9d31ac7a030827984214ab746db
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cff3bf0d5dce27ec89a2b609b27cce10b69208db8ce323250e9d9ce3241e5089
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C012B7140C344DAE7104B66CDC4767BFD8DF8A324F18D51AED0A2E696C7B8A840C671
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2266043079.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_ead000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: c397ec1f5590fd1689b8497ab5fe85a6ab0ed7de6cf07eeeaad9b1ee7ca813aa
                                                                                                                                                                                                                                        • Instruction ID: 0115bdef1b02d53f91a6a6473dbf65b5fae53236752b264b82d1a64e7f9eb794
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c397ec1f5590fd1689b8497ab5fe85a6ab0ed7de6cf07eeeaad9b1ee7ca813aa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2F0C2724083449AE7108A06DCC4B62FFA8EB85728F18C05AED091E686C379A840CA71
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2280897671.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_6b00000_17.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 29acaa38745c75e9c0628bc95d78a0caf00e2a09dbe8e87c2a6e107b2b6761b7
                                                                                                                                                                                                                                        • Instruction ID: ff4cbc37b9612a60846c8acdf4f728b39092c7dbf443db49739c895afff2fa34
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29acaa38745c75e9c0628bc95d78a0caf00e2a09dbe8e87c2a6e107b2b6761b7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05F045B0C84219DEFB649F50D8997BDBEB0EB46305F106499C216B61D0CB745698CF84